Many people seem to ask for the guidance on which grant / flow to use in OpenID Connect.
Here is my straw-man answer.
|Conditions / Requirement||code grant||implicit grant||hybrid grant|
|Server is not directly reachable from the client||x|
|Want less round trip||x||x|
|Do not want to reveal tokens for better security||x||(some)|
|Want client authentication||x||x|
|Want refresh token||x||x|
|Slow front channel, fast back channel||x||x|