If I want to to apply the authorization code flow to a public client (e.g. desktop application), I will end up storing the client id and redirect uri on the source code.
