0👍
✅
The authorization_code flow without client secret hasn’t been implemented yet (different priorities).
For now you’ll need the extra server to keep the client_secret in a secure place.
Source:stackexchange.com