Correct as you would leak your client secret
Either that, or you App calls your server and the server makes the request to Twitch.
No alternatives are available. To call the API requires a token. (Token type will depend on the data being accessed, but public data will work with an App Access/Client Creds token)
Three options:
- None, you can’t call the API
- You ask the user to sign in with Twitch, to get a token to use locally
- Your app connects to your/a server and calls the API using an app access token.
Server is anything web based capabile of recieving a request from a thing, generating and using an App Access Token and calling the API. (Just make sure that you secure the app → server connection as well)