Thank you.

No, it is not safe to put the client_id and secret in front-end because it is similar to a user name and password. You can use implicit_grant type if it is a JavaScript App. But, still I don’t consider that as secure. You should either use client_credentials for machine-machine communication or Authorization code grant flow for browser based flows.