Does the Wild Magic sorcerer’s Tides of Chaos feature grant advantage on all attacks, or just the first one?

I have a question regarding the D&D 5e Wild Magic Sorcerer’s Tides of Chaos feature, specifically regarding attacking multiple targets with or without advantage.

The Wild Magic sorcerer’s Tides of Chaos feature (PHB, p. 103) states:

Starting at 1st level, you can manipulate the forces of chance and chaos to gain advantage on one attack roll, ability check, or saving throw. Once you do so, you must finish a long rest before you can use this feature again.

Any time before you regain the use of this feature, the DM can have you roll on the Wild Magic Surge table immediately after you cast a sorcerer spell of 1st level or higher. You then regain the use of this feature.

Last session, I proclaimed that I would like to cast Scorching Ray (I’m only Level 3) with Tides of Chaos for an advantage boost for my attack roll(s?).

Before my GM could react, I stated that only the first roll (1/3) would be affected by the effect from Tides of Chaos. (In an attempt to increase the speed of combat and with full knowledge about my inability and my GM’s that we both do not know the answer to that question.)

Now, this was answered by me before my DM could react. Nobody questions the outcome and all was good. Great.

Now though, a full 48 hours later, I’m questioning my response:
Does Tides of Chaos grant advantage to all attack rolls, even if those attack rolls (may) target multiple targets? Or only the first roll?

Which grant type : Implicit or Auth code (with No secret key) is suitable for Single Page Application(SPA)?

I went thru multiple posts saying how implicit grant is a security risk and why auth code grant with AJAX request to Authorization server should be used after redirecting to application (without client_secret passed to Auth server).

Now in 2019 there is no CORS issue as I can allow app domains on authrization server.

I have following concerns

If I use implicit grant:

  1. Now implicit grant has security issues as Authorization server redirects to application server with token in url.
  2. If I set expiration time to 5 to 10 minutes, after expiration, user will be redirected to login and its problematic especially if he is filling up important form on application. What to do in this scenario? Note that there is no refresh token in Implicit grant to update with new token, so refresh token is out of the picture.

If I use Auth code grant: Suppose if I hit AJAX request after getting redirected to my main application site, and get token in exchange of code,

  1. Auth code grant uses client_secret. And in javascript app where anyone can see the code, we cant use secret.

What approach should be taken here? I am more inclined towards auth_code for SPA but the issue is how to deal with client_secret?

Thank you for reading.

There are multiple links that recommends use Auth code grant instead of SPA. A few out of multiple links :

Single-Page Apps

https://medium.com/oauth-2/why-you-should-stop-using-the-oauth-implicit-grant-2436ced1c926

Is there a way to grant myself MANAGE_USERS permission while inside the adb shell?

The thing is that I’m fed up of some stock adware apps on my Micromax phone and want to disable them for good. So, as per this answer, I used adb shell to disable the app, but I’m getting the following error:

shell@Q4260:/ $   pm hide com.micromax.trendingapps Error: java.lang.SecurityException: Neither user 2000 nor current process has android.permission.MANAGE_USERS. 1|shell@Q4260:/ $    

The error message indicates that I need android.permission.MANAGE_USERS to achieve that. So I even tried granting that permission to the shell app, but no use!

shell@Q4260:/ $   pm grant com.android.shell android.permission.MANAGE_USERS      Operation not allowed: java.lang.SecurityException: Package com.android.shell has not requested permission android.permission.MANAGE_USERS 1|shell@Q4260:/ $    

Is there any other way to get myself that permission?

Finally, the smart-phone is Micromax Q4260 running Marshmallow if that matters. This could probably be solved by rooting, but I don’t have any intention of rooting as it could be risky on this little known model.

53 Rogue Scout Skirmisher, does this grant extra movement?

I am leaning towards no, but here is the situation I am wondering about:

My Rogue is in melee with an opponent. On his turn he disengages, and moves his full movement away from his opponent. The opponent, on their turn, uses their full movement to put themselves within 5 feet of my Rogue again, ending their turn. Can my Rogue then use the Skirmisher ability and move an additional 1/2 speed, or is the reaction e3ssentially wasted because my Rogue has already used his full movement this turn?

OAuth2.0 Grant Type for User Logged In With Google

I have a confusion. So, in OAuth2.0 there are 4 types of Grant (Authorization Code, Password, Client Credentials and Implicit). In my use case, I have two login scenario. The first one is using username and password. In this case it’s clear that I should use Password grant type to give access and refresh token to the user after they send username and password to the auth server.

In the second scenario, I have users logging in by using OAuth Provider like Google, Facebook, Github, etc. In this situation, once the user grant the permission to my application, I will exchange the authorization code with the access token and use this access token later to get the user info like username, email address, etc. My question is, once I get this user info, which grant type that I should use to return access token from my application auth server so that the user has access to their resources in my application?

In this situation, :

  1. I might only have their email address, but password. So, it’s not possible to use password grant type.
  2. client credentials is also not possible because clientID and clientSecret used in this grant type usually belong to a platform like mobile app, web, or any other type of third party application.

any comment will be much appreciated! Thanks

Programmatically grant new versions of my application access to camera and microphone

I have remote machines running my software. I have full control with MDM. I run a video conference application and need access to the camera and microphone.

Every time I push a new version of the software I have to manually approve access to the webcam. Is there something I can do in my install script (maybe with defaults write) to allow access to the webcam?