I would posultate this is to prevent you trying to use an app access token in a frontend application, where you would then leak the app access token.
So in front end apps where a socket makes sense you would use the user token as you can easily obtain a user token from the user.
Sockets feel like they are not intended for use cases where you have an app access token as you would be using the webhook transport instead as app access is for “server to server” communication.