The server side API isn't designed for use with client side code. You should avoid exposing any API keys in your client code since anyone who finds it will be able to make API calls on your behalf.
I think what you're looking for is some kind of "Log in with itch.io" feature, we don't have anything like that yet. The current server side api for fetching a user is limited right now, and most people are using the call to verifies if someone owns a game. I do want to add a OAuth login API at some point (we have one internally, it just isn't publicly available yet)