At the moment, the Power Platform Portals provides the support to Implicit Grant Flow for communicating with external applications. However, using the Implicit Grant Flow is not a recommended approach and it is not supported by external applications. According to the OAuth: "It is generally not recommended to use the implicit flow (and some servers prohibit this flow entirely). In the time since the spec was originally written, the industry best practice has changed to recommend that public clients should use the authorization code flow with the PKCE extension instead."
I would like to have the support of "OAuth 2.0 Authorization Code Grant" in Power Plartform Portals to stay up to date with security requiremnts.