To stop a page from being accessible it needs to be behind some kind of check for example.
- Auth with twitch sends
redirect_url - Login page/function captures the redirect
- Query Twitch API for user details
- Create a
sessionthat contains said details - Pages check to see if a
sessionis established
That is pretty much it in psuedo code. @BarryCarlyon did cover this further up! Are you using a framework or plain php?