That is the correct and only way that implicit auth works.
User seeing their own oauth is fine, as it’s theirs. Additionally, an implicit auth usually has a shorter validity and no way to refresh it.
2 Likes