Implementing an implicit flow with an official client-side SDK released by the third-party provider is almost a walk in the park, even in Angular; we just have to find a way to implement a small, yet required amount of external JavaScript within our client-side code and load the external JS libraries without messing up the Angular components life cycle--or the page DOM--and we're set.

On top of that, the overall results will most likely look great; the required pop-up window will open (and close) in the best possible way, without size mismatches or other UI/UX issues, and without any hack (that we're aware of).

However, such an approach also comes with a few downsides: our users will be able to receive their access tokens, along with whatever can spy, hack, sniff, or impersonate them; additionally, it will also force us to write a certain amount of dedicated client-side code for each supported provider, which might be far from ideal if we want to support a whole lot of them.