I have a client (software) and a server.
I would like to use the client to get and post comments on Twitch (IRC).
For comments, I need an access token.
I think the first place to receive the access token obtained by OIDC is the server to which I am redirecting.
Is it safe to pass the access token to the client after verifying the ID token?
Also, I am planning to update the access token through the server.