Hybrid architectures
Mobile applications come in many shapes and sizes. As such, the architecture of your mobile application can be flexible as well. There is no reason why your application has to use a single authorization workflow, as described in the preceding section. If you have a mobile application and a backend server, you can create a hybrid architecture to leverage the best of both worlds.
Implicit for mobile app, authorization code grant for backend server
Most service providers support the idea of having a single client use multiple authorization flows. For example, Facebook supports a single client application using both the implicit grant flow and the authorization code grant flow. We can leverage this capability and use the most appropriate flow for the given task. For instance, if your application requires some non-sensitive data in a read-only manner, the request for it can be made directly from your native mobile application via the implicit grant flow. Your application may also require...
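The following sketch is an added example, not code from the original text. It shows one client ID issuing both kinds of authorization request and reading each kind of redirect, using the standard OAuth 2.0 parameters from RFC 6749. The endpoint, client ID, redirect URIs, function names, and the `sensitive` flag are constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit, parse_qs
import hmac, secrets

# Constructed placeholder values (assumptions, not a real provider or app).
AUTHZ_ENDPOINT = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
APP_REDIRECT = "myapp://oauth/callback"                      # handled inside the mobile app
BACKEND_REDIRECT = "https://backend.example/oauth/callback"  # handled by the backend server

def build_authorization_url(sensitive, scope):
    """Return (url, state) for one authorization request.
    Non-sensitive, read-only work uses the implicit grant in the app;
    anything else uses the authorization code grant, redirecting to the backend."""
    state = secrets.token_urlsafe(16)  # unguessable value binding response to request
    params = {
        "response_type": "code" if sensitive else "token",
        "client_id": CLIENT_ID,
        "redirect_uri": BACKEND_REDIRECT if sensitive else APP_REDIRECT,
        "scope": scope,
        "state": state,
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(params), state

def parse_redirect(redirect_url, expected_state):
    """Extract the credential from the provider's redirect.
    Implicit grant: parameters arrive in the URL fragment.
    Authorization code grant: parameters arrive in the query string."""
    parts = urlsplit(redirect_url)
    fragment, query = parse_qs(parts.fragment), parse_qs(parts.query)
    source = fragment if fragment else query
    returned_state = source.get("state", [""])[0]
    # Reject responses that were not triggered by this request.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "error" in source:
        raise ValueError("authorization failed: " + source["error"][0])
    key = "access_token" if source is fragment else "code"
    if key not in source:
        raise ValueError("redirect carries no " + key)
    flow = "implicit" if source is fragment else "authorization_code"
    return {"flow": flow, key: source[key][0]}
```

In the code grant case the returned `code` is not yet a token: the backend server still has to exchange it at the provider's token endpoint, which is why that redirect points at the server rather than the app.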