ByteByteGoHq / system-design-101

Explain complex systems using visuals and simple terms. Help you prepare for system design interviews.
https://blog.bytebytego.com/

OAuth Grant Type recommendations #85

Open emmanuelgautier opened 3 months ago

emmanuelgautier commented 3 months ago

In the "Session, Cookie, JWT, Token, SSO, and OAuth 2.0 Explained in One Diagram", you mentioned Implicit Grant as the recommended grant type for native applications.

For security reasons, you should change the flow recommended for native applications to the "Authorization Code Flow" and add the PKCE extension for both the web app and the native app.

"the use of the Implicit Flow with native apps is NOT RECOMMENDED" Source: https://datatracker.ietf.org/doc/html/rfc8252

I don't know how you make your image, but if I can help more, do not hesitate.
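To make the recommendation above concrete, here is an added example (not code from the system-design-101 repository or from the issue author) of the PKCE extension (RFC 7636, S256 method) that the Authorization Code flow should carry for web and native apps. It covers the client side (generate `code_verifier`, derive `code_challenge`, build the authorization request) and the authorization server side (check the `code_verifier` presented at the token endpoint against the challenge stored with the issued code). The endpoint URL, client id, redirect URI and the in-memory "issued codes" table are assumed placeholders constructed for the example; a real authorization server keeps that state in its own store.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# --- Client side (web app or native app) ---------------------------------

def make_code_verifier(n_bytes: int = 32) -> str:
    """Random code_verifier: RFC 7636 requires 43..128 chars from the
    unreserved set [A-Za-z0-9-._~]. base64url of 32 random bytes is 43 chars."""
    return base64.urlsafe_b64encode(secrets.token_bytes(n_bytes)).rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(code_verifier))) with no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(authorize_endpoint: str, client_id: str, redirect_uri: str,
                            scope: str, state: str, code_challenge: str) -> str:
    """Authorization Code request carrying the PKCE challenge (never the verifier)."""
    params = {
        "response_type": "code",          # Authorization Code flow, not "token" (implicit)
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,                   # CSRF binding for the redirect back
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return authorize_endpoint + "?" + urlencode(params)


# --- Authorization server side ------------------------------------------

# Constructed placeholder for the server's store of issued codes: code -> (challenge, method)
ISSUED_CODES: dict[str, tuple[str, str]] = {}


def issue_authorization_code(code_challenge: str, code_challenge_method: str) -> str:
    """Bind a fresh single-use code to the challenge received in the authorization request."""
    if code_challenge_method != "S256":
        raise ValueError("only S256 is accepted; 'plain' offers no protection against code interception")
    code = secrets.token_urlsafe(32)
    ISSUED_CODES[code] = (code_challenge, code_challenge_method)
    return code


def verify_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """Token-endpoint check: recompute the challenge from the presented verifier."""
    if not (43 <= len(presented_verifier) <= 128):
        return False
    if any(c not in "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
           for c in presented_verifier):
        return False
    expected = make_code_challenge(presented_verifier)
    return secrets.compare_digest(expected, stored_challenge)


def redeem_code(code: str, presented_verifier: str) -> bool:
    """Token request: the code is consumed exactly once, and only with the matching verifier.
    An attacker who intercepted the code (the RFC 8252 concern) lacks the verifier and fails."""
    entry = ISSUED_CODES.pop(code, None)   # single use, whether or not the check passes
    if entry is None:
        return False
    stored_challenge, _method = entry
    return verify_pkce(stored_challenge, presented_verifier)


def demo_round_trip() -> bool:
    """Full exchange: client creates verifier/challenge, server issues and redeems the code."""
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    url = build_authorization_url("https://auth.example/authorize",  # placeholder endpoint
                                  "native-app-client-id", "com.example.app:/callback",
                                  "openid profile", secrets.token_urlsafe(16), challenge)
    assert "code_challenge_method=S256" in url and verifier not in url
    code = issue_authorization_code(challenge, "S256")
    return redeem_code(code, verifier)


if __name__ == "__main__":
    print("PKCE round trip ok:", demo_round_trip())
```

The server never sees the verifier until the token request, so a code leaked through a custom URI scheme or a shared redirect on a device cannot be redeemed without it; the "plain" method is refused because it would expose the verifier in the authorization request itself.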