SPA/CORS connection to Dynamics 365/CRM

I followed this manual Use OAuth with Cross-Origin Resource Sharing to connect a Single Page Application to Dynamics 365

My questions are:
1. Is it possible to make it work WITHOUT Azure?
2. Does this concept even have some real-life utilization (with our without Azure)? Do you know some?

According to my knowledge:
•Dynamics 365 (internal) users should connect into Dynamics 365 UI. Then, they can use custom JS application inside of Dynamics 365 Customer Relationship Management without the need for CORS.
•External users (thru portals, extranets etc.) use server-side web application (e.g. .NET). These users don’t have Dynamics 365 credentials. The credentials (one pair) are securely stored on the server side.

Therefore, it seems it is not usable for external users (they don’t have credentials; credentials cannot be stored securely) and it is useless for internal users (they can use common UI).
3. Is that correct?