When you choose to create a new application, you are given 4 options: Native, Single Page Web Applications, Regular Web Applications, and Machine to Machine Applications. The first 3 to me seem to be the exact same. And all can be secured using the same flow (PKCE). And two (SPA and Regular) can be secured using regular auth code flow (assuming you have a back end for your front end).
So given that, why are there 3 different options?