If the client is public, the token exchange is handled client-side and the token is returned directly to the client via the SDK.
If the client is confidential, the SDK will return an authorization code that the client can use to exchange for a token on the server-side.
If the client is public, the token exchange is handled client-side and the token is returned directly to the client via the SDK.
If the client is confidential, the SDK will return an authorization code that the client can use to exchange for a token on the server-side.