http://www.rfc-editor.org/rfc/rfc8252.txt
RFC 8252: OAuth 2.0 for Native Apps, W. Denniss, J. Bradley2017-10-01T23:00:00-00:00OAuth 2.0 authorization requests from native apps should only be made through external user-agents, primarily the user's browser. This specification details the security and usability reasons why this is the case and how native apps and authorization servers can implement this best practice.