Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Yes, I think using API flows for browser apps is unsafe but browser flows for API apps should be fine :thinking_face:
The huge downside I see is that you then need to open a browser on your native device to do self-service flows.

If you just use the API/native flows there is no browser required.

main downside is you have to manage cookies