We have an application that we’re building and need to expose Nintex API data such as list of tasks assigned to the user for a particular workflow. I see that there are 3 authentication methods. We did not want to use service app token as it gives it access admin to the tenant and we didn’t want to use a personal access token either because of the developer role. 

The client app token made the most sense because we can limit the scope to just read only to get the list of tasks. However, we noticed it requires a user to sign in through a pop-up window. Is there another method that won’t involve this pop-up window or is there a way to have the user only do it once?