Hello past me. I have come across a working solution:
On start of layout call the function that we define in the scripts.
If there is no Token in the url the global variable access_token will only contain "Bearer ". In that case it will forward to the login-page.
Here is how the Token is read from the url.
window.location.href will return the full url. We slice out the part where the Token starts ("ey") until the part where it ends ("&token_type").
Now we got the Access Token and can use it within the value part of the AJAX: Set request header.