When I redirect to
from an Angular app, I get the error
confidential clients can not request tokens directly
When I try the same request from Postman (e.g. outside the browser), it works.
Why? https://github.com/reddit-archive/reddit/wiki/oauth2 explicitly mentions the Implicit Authentication Flow; e.g. with response_type=token instead of code. The only reason the Implicit Authentication Flow exists is for SPAs like Angular, because the code grant flow does not make sense for them (as the token is revealed anyway). So why does Reddit offer the Implicit Authentication Flow but not let me use it?
You must create your application as an installed app to use the implicit grant.
As per the documentation.
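
The implicit-grant request an installed-app client sends, and the handling of the fragment it gets back, as an added example that is not part of the original answer or Reddit's own code. The endpoint URL, client id, redirect URI and function names are assumptions; the response field names follow RFC 6749 section 4.2.2.

```javascript
// Added example. Endpoint assumed from Reddit's OAuth2 wiki; it is not shown on the page.
const AUTHORIZE_ENDPOINT = 'https://www.reddit.com/api/v1/authorize';

// Unguessable per-request value that ties the response to this browser session.
function newState() {
  const bytes = new Uint8Array(16);
  globalThis.crypto.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// An installed app has no client secret, so none is sent: only the public
// client id, response_type=token, the state and the registered redirect URI.
function buildAuthorizeUrl({ clientId, redirectUri, scope, state }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: 'token',
    state,
    redirect_uri: redirectUri,
    scope,
  }).toString();
  return url.toString();
}

// The token comes back in the URL fragment, which the browser never sends to
// a server. Reject the response unless its state matches the one we issued.
function parseImplicitResponse(redirectedUrl, expectedState) {
  const fragment = new URL(redirectedUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment);
  if (params.get('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const accessToken = params.get('access_token');
  if (!accessToken) throw new Error('no access_token in fragment');
  return {
    accessToken,
    expiresIn: Number(params.get('expires_in')),
    scope: params.get('scope'),
  };
}
```

In the SPA, keep the state in `sessionStorage` before redirecting and clear the fragment from the address bar once the token has been read.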