An example of how you can use Azure API Management to implement a no token in the browser pattern for a JavaScript single-page application.
Why do you think that https://github.com/AzureAD/microsoft-authentication-library-for-js is a good alternative to no-token-in-the-browser-pattern