In most cases, it is not recommended to skip the access token flow and allow users to log in with just a password. The access token flow provides an additional layer of security by requiring users to provide a unique token that verifies their identity.

If you were to skip the access token flow, any user who knows the correct email and password could gain access to the account without any further authentication. This can create a security risk for both the user and the application.

However, there may be some situations where you can skip the access token flow. For example, if you are building an internal tool for your company and only your employees will have access to it, you might be able to skip the access token flow since the risk is lower.

Ultimately, whether or not you should skip the access token flow depends on the specifics of your application and the level of security you need to maintain