Okta API - Credential operations via OAuth2 token

Hi, I am trying to change a user´s password via the okta API: https://developer.okta.com/docs/reference/api/users/#change-password

I was trying to access the api via the accessToken that I received by the user´s login. But as I read it seems that the API for all Credential operations is still not available via bearer tokens. Instead we should use an extra SSWS Api token, generated in the admin console.

As I understand, it is not recommended to keep the api token in the client (SPA) because of security reasons. But do I really have to implement an server proxy endpoint doing this?

Is there a better way doing this or when will this be supported by default accessTokens we already get by the logged in users?

Thanks,
Mana