Since the explicit flow runs on the server side for the most part, it can be easily tested by placing the appropriate breakpoints within the TokenController's new methods; however, since the client-side app will play a relevant role, it's advisable to keep our eyes open to the Angular component as well.

The most critical part to debug there will definitely be the externalProviderLogin function, which is instantiated from the Angular component and then executed by the pop-up window through the <SCRIPT> tag returned by the server-side API; that's definitely something we've been doing the unorthodox way, to say the least.