Can i use App Token with no scope on client side

Yup, or have the user login