Read the following:
"Tokens obtained by applications can only read public content and services. Although you cannot use an App login with private content, if your goal is to distribute or sell an app to organizations without ArcGIS Online (no named users), you may control access to your content by using your own login mechanism (I.e. Identity) to the app."
I'm lost. Does it suggest that we can make the our content (map/feature services) accessible to the app but not to the anonymous users not using our app? Using the OAuth2 as an authentication, and we implement authorization using our own mechanism? Is my understanding correct?
If so, how to configure the content as public but requires the App Login?