This broken Authorization Code flow, because you cannot keep client_secret credential safe in the client, so.. why in your demo example (authorization code) did you send in the body request (x-www-form-urlencoded) the client_secret field or I mistaken.
This broken Authorization Code flow, because you cannot keep client_secret credential safe in the client, so.. why in your demo example (authorization code) did you send in the body request (x-www-form-urlencoded) the client_secret field or I mistaken.
Regards