If users login to your site and you use the users token, thats fine.
If you generate an App Access Token and use that, then thats a problem as you are leaking, what is essenitally a password. And you’d have to leak your clietnt secret, to generate the App Access Code in front end code