What is the purpose of the implicit grant authorization type in OAuth 2?

Question

I don\'t know if I just have some kind of blind spot or what, but I\'ve read the OAuth 2 spec many times over and perused the mailing list archives, and I have yet to find a

Answer 1

I'm not sure that I understand correctly the answer and Dan's comment. It seems to me that the answer has stated some facts correct but it does point out exactly what OP asked. If I understand correctly, the major advantage of the implicit grant flow is that a client like JS app (e.g Chrome extension) doesn't have to expose the client secret.

Dan Taflin said:

...in the authorization code flow the resource owner never needs to see the access token, whereas in javascript clients that's unavoidable. Client secret could still be kept from javascript clients using authorization code flow, however..

Perhaps I misunderstood you, but the client (JS app in this case) must pass the client credential (client key and secret) to the resource server in the authorization code flow, right ? The client secret cannot be "kept from JS".