The oAuth dance occurs as follows:
- User goes to your website
- User clicks login
- Send user to Twitch
- User auths the app
- User is redirected to the specified URL
- You grab the code and exchange it for a token
- You use the token for API Requests.
For your question I assume you refer to the step 5 redirect URL. That would be the page that is expecting a ?code=foo to perform the login functions and code/token exchange.
So that would be page on your website. https://example.com/somecallback for example