I am referring to the discussion
which was solved by answering how to enable the password grant type.
Additionally @richard.dowinton recommended using authorization code grant with PKCE, which would introduce WebAuth to the application.
Unfortunately, the discussion ended with a bunch of open questions.
That said, we are facing the exact same problem / design requirements as discussed by @akilalabnyc.
Thus I would like to ask if there is any possibility to increase the security without introducing WebAuth?
There won’t be any social or passwordless connections either, which furthermore reduces the justification to introduce WebAuth for us.