Tags: rest, security, oauth-2.0, spring-security-oauth2, rest-security

Is there a one-for-all OAuth2 workflow that I can use for multiple client types?


I am building an application that will be secured by OAuth2. The types of users I expect are as below:

  1. Non-confidential browser-based JavaScript client. (My Angular client application)
  2. Non-confidential native app client. (My iOS/Android client application)
  3. 3rd-party non-confidential browser-based JavaScript client. (Any third-party JS application running on a browser)
  4. 3rd-party non-confidential native app client. (Any third-party iOS/Android client application)

My Questions:

  1. Is there ONE workflow/grant type that will work for all of my above 4 use cases?
  2. If not, which workflows should I consider implementing in order to cover all of the above 4 scenarios?

Solution

  • The Authorization Code grant type could cover all of the use cases you mention. Even for non-confidential 3rd-party JS applications, though the Implicit grant was designed for that use case, current recommendations seem to point in the direction of the Authorization Code grant type.