Yes, if the access token is kept in Local/Session Storage.

If the extension can read cookies that would be also correct for access tokens kept in cookies.