you need to put an actual link on the page for the user to click of HTTP request.
You seem to be doing something else, since your shouldn’t XMLHTTPRequest like this
Here is an implicit auth example
https://barrycarlyon.github.io/twitch_misc/authentication/implicit_auth/
And a “regular” oAuth example