Readme contains a few incorrect pieces of information. Microsoft has implemented PKCE and OAuth 2 for Native Apps RFC since readme was first published. Even before readme was first published, it was possible to obtain a refresh token for a public client without a client secret from Microsoft STSes - you just needed to use a native client (custom scheme or pre-defined) redirect URI. Now it is also possible for app owners to register https native client redirect URIs.
Readme contains a few incorrect pieces of information. Microsoft has implemented PKCE and OAuth 2 for Native Apps RFC since readme was first published. Even before readme was first published, it was possible to obtain a refresh token for a public client without a client secret from Microsoft STSes - you just needed to use a native client (custom scheme or pre-defined) redirect URI. Now it is also possible for app owners to register https native client redirect URIs.