“open-source software”?
No you need any valid oAuth token
And then when sending API requests you send a
- Client-ID
- Any oAuth token
as headers
The “best” solution here, is your React front end, calls your React backend and the React back end caches/performs the relevant Twitch API requests and managers it’s own secrets/tokens.
Then your frontend won’t leak any tokens at all as it’s only calling itself