Vittorio,
Thank you for the detailed and actionable summary around the state of OAuth2 implicit grant and SPAs. I especially appreciate the treatment of renewing access tokens and different SPA topologies, as this helps connect the specification with real-world implementation choices. I am not a full-time identity and authorization expert, so seeing mention of future solutions like token binding and mutual TLS authentication helps me know where this area is heading.
Kudos to you and Auth0 in general - your blog posts consistently communicate difficult technical subjects with clarity and pragmatism. You help educate the community on general solutions with or without use of Auth0, which I appreciate. Fantastic job!