in short yes.
And you should be using your own ClientID’s/secrets so that you have full control.
At any given point the tools you have used to generate Access Tokens, can disappear or get banned, then all your tokens break because you used someone elses tool
Additionally if you used someone elses tools to generate an access token, you cannot refresh that access token as you don’t have the client secret in order to do so, and thus you have to manually go and do the oAuth flow instead of the automated creating of a new token from the refresh token and client secret