Sunday, April 28, 2024

OAuth2 : Implicit Grant

https://darutk.medium.com/diagrams-and-movies-of-all-the-oauth-2-0-flows-194f3c3ade85  

https://datatracker.ietf.org/doc/html/rfc6749#section-4.2

https://www.youtube.com/watch?v=fX5U50VGxtg

This is the flow defined in RFC 6749, section 4.2 (Implicit Grant). The client application (a) makes an authorization request to the authorization endpoint with response_type=token and (b) receives the access token directly from the authorization endpoint, carried in the fragment of the redirect URI, with no authorization code and no request to the token endpoint.

https://stackoverflow.com/questions/7522831/what-is-the-purpose-of-the-implicit-grant-authorization-type-in-oauth-2 

In summary, the difference between the "Implicit Grant" and the "Authorization Code Grant" is that the implicit grant returns the access token directly in the authorization response, without an intermediate authorization code and without the client authenticating itself at the token endpoint.

The implicit grant exists for clients that are implemented entirely in JavaScript and run in the resource owner's browser; no server-side code is needed to use it. If everything happens in the resource owner's browser, issuing an authorization code and a client secret no longer makes sense, because the code, the secret and the token would all end up in the browser anyway, and the client could not keep the secret confidential (RFC 6749 calls such clients "public clients"). Including the code exchange and the client secret would only make the flow more complex without adding any real security.

So the answer to "what has been gained?" is "simplicity".

The price of that simplicity is that the access token itself travels in the redirect URL: it lands in the browser history and is readable by any script on the page, and a client has no way to tell whether a token arriving in the fragment was issued for its own request or injected by an attacker, since there is no token endpoint step to bind it to. For these reasons the OAuth 2.0 Security Best Current Practice (draft-ietf-oauth-security-topics, since published as RFC 9700) says clients SHOULD NOT use the implicit grant and should instead use the authorization code grant with PKCE (RFC 7636), which works for browser-only clients too, and the OAuth 2.1 draft drops the implicit grant entirely.
