You could use implicit auth.
This doesn’t need a Client Secret, will allow you to make requests to “access restricted” endpoints, and doesn’t require a “backend”.
Without a backend you’d have to expose your Client Secret in order to generate an App Access Token (no user auth for server to server requests), or a User Access Token.
Which you can’t do in a pure Front End application due to Client Secret leaking.
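The flow described above, as an added example that is not part of the original post: a front-end-only OAuth 2.0 implicit grant that sends just the public client ID and reads the token from the redirect fragment. The endpoint, client ID, redirect URI and scope name are placeholders, and the parameter names assume the standard OAuth 2.0 implicit grant; check them against your provider's documentation.

```javascript
// Added example: implicit grant handled entirely in the front end (no Client Secret).
// AUTHORIZE_URL, CLIENT_ID and REDIRECT_URI are placeholders (assumptions).
const AUTHORIZE_URL = "https://id.example.com/oauth2/authorize";
const CLIENT_ID = "your-client-id";
const REDIRECT_URI = "https://app.example.com/callback";

// Random per-login value; the provider echoes it back so the response
// can be tied to the request this page actually started.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Step 1: URL to send the user to. Only public values are included.
function buildAuthorizeUrl(state, scopes) {
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    response_type: "token", // implicit grant: token comes back in the fragment
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: scopes.join(" "),
    state,
  }).toString();
  return url.toString();
}

// Step 2: on the redirect page, parse the fragment and validate it.
function parseImplicitResponse(hash, expectedState) {
  const params = new URLSearchParams(hash.replace(/^#/, ""));
  if (params.get("error")) {
    return { ok: false, reason: params.get("error") };
  }
  // Reject responses that do not carry the state this page generated.
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  const accessToken = params.get("access_token");
  if (!accessToken) {
    return { ok: false, reason: "missing_token" };
  }
  const scope = (params.get("scope") || "").split(" ").filter(Boolean);
  return { ok: true, accessToken, scope };
}
```

In a browser, keep the value from `newState()` in `sessionStorage` before redirecting, then call `parseImplicitResponse(window.location.hash, savedState)` on the redirect page.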