Handling of Access Tokens

Hello.

I have a client (software) and a server.
I would like to use the client to get and post comments on Twitch (IRC).

For comments, I need an access token.
I think the first place to receive the access token obtained by OIDC is the server to which I am redirecting.
Is it safe to pass the access token to the client after verifying the ID token?

Also, I am planning to update the access token through the server.

Yes, as it’s the users own token.

Thank you.
I’ll use it without any concern.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.