Yes of can perform activities on behalf of user if you have an active user's access token.
But this token will expire soon. So may be you can extend this token on the server side, then it will have the expiration of 60 days. But before it expires make sure you refresh the token else it become invalidate again.
Read this documentation to know more about access tokens and its extension.