By not using implict auth.
if it’s gonna be visible on stream, generally speaking no.
As someone will likely just go revoke it and then you have to make a new one
Then someone revokes it again.
Then you are stuck really
The whole purpose of implict auth is to do auth without a server and show the users own token to themself.