which was solved by answering how to enable the password grant type.
Additionally @richard.dowinton recommended using authorization code grant with PKCE, which would introduce WebAuth to the application.
Unfortunately the discussion ended with a bunch of open questions.
That said, we are facing the exact same problem / design requirements as discussed by @akilalabnyc .
Thus I would like to ask if there is any possibility to increase the security without introducing WebAuth?
There won’t be any social or passwordless connections either, which furthermore reduces the justification to introduce WebAuth for us.
Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!