If you are making an app that doesn’t use a server, such as a client-side JavaScript app or a mobile app, you’ll use the Implicit Grant Flow.
This method does not require a client secret (only the client id). I do not know what your app should do, but based on reading your post I think this might suit you.