- that is step one, redirect the user to twitch
- they are returned to you with a
?code - and that code needs to be exchanged for an access token.
It sounds like you are not doing step 3:
3) On your server, get an access token by making this request:
POST https://id.twitch.tv/oauth2/token
?client_id=<your client ID>
&client_secret=<your client secret>
&code=<authorization code received above>
&grant_type=authorization_code
&redirect_uri=<your registered redirect URI>