Asssuming Ajax is being used in the front end. And you are trying to remove the server/PHP part

NEVER DO THIS YOU ARE LEAKING YOUR CLIENT SECRET AND GENERATED TOKEN

Since you have PHP your front end should be calling PHP and PHP should be generating/reusing a token and calling the API and returning the result.

If you want to be pure frontend with no server then you need to use implicit auth and ask the user to login to provide a token.

Otherwise someone can steal your ClientID and Secret and abuse them

Thats why all my code examples of things use implict auth, as I only tell you my clientID (which is public) Barry's Live/Testable Twitch examples

So if you are intending to remove PHP/server then you need to use implict auth not client credentials/app access.

Client Creds is for server to server calls and it seems like you are trying to remove the server from what you are doing.

TLDR: You are doing it wrong.