Handling of Access Tokens


I have a client (software) and a server.
I would like to use the client to get and post comments on Twitch (IRC).

For comments, I need an access token.
I think the first place to receive the access token obtained by OIDC is the server to which I am redirecting.
Is it safe to pass the access token to the client after verifying the ID token?

Also, I am planning to update the access token through the server.

Yes, as it’s the users own token.

Thank you.
I’ll use it without any concern.