Many people seem to ask for guidance on which grant / flow to use in OpenID Connect.
Here is my straw-man answer.

| Conditions / Requirement | code grant | implicit grant | hybrid grant |
|---|---|---|---|
| Server is not directly reachable from the client | x | | |
| Want less round trip | x | x | |
| Do not want to reveal tokens for better security | x | (some) | |
| Want client authentication | x | x | |
| Want refresh token | x | x | |
| Slow front channel, fast back channel | x | x | |