Extracting implicit auth token from URL

Popping the new window is just confusing the matter, as you’ll have faff passing the token from your new window back to the first window.

This snippet will grab and parse the hash:

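<script>
        // After the redirect back, the token arrives in the URL fragment (#...)
        if (document.location.hash) {
            // slice(1) drops the leading '#'; substr() is deprecated
            var parsedHash = new URLSearchParams(window.location.hash.slice(1));
            if (parsedHash.get('access_token')) {
                var access_token = parsedHash.get('access_token');
                // textContent (not innerHTML) keeps the value from being parsed as markup
                document.getElementById('access_token').textContent = 'Your Access Key from the #url: ' + access_token;
                // ~snip~
            }
        }
</script>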

Skip the new window stuff and just have a <a href="LinkToTwitchWithRedirectBack">

I have written a full implicit auth one pager here, that might help

It’s not for OIDC, but “regular” OAuth.

I’ve not played with OIDC via implicit myself, but it’s the same.

The only real difference is validating the JWT which you can’t exactly do client side anyway, since that needs the secret, which you shouldn’t leak publicly, but you’d pass that up to a server for validation if you need to.

You probably don’t even need OIDC here, just request with no scopes, and then use the code I’ve linked to get the user in Client Side code via JS fetch.

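As an added example (not part of the original post): one way to handle the redirect that the snippet above parses, which also checks the OAuth `state` value and an `error` response and clears the fragment afterwards. `parseImplicitCallback`, the `oauth_state` storage key and the idea that the page stored a `state` value before redirecting are assumptions for illustration.

```javascript
// Added example: parse an OAuth 2.0 implicit-grant redirect and validate it.
// parseImplicitCallback and the 'oauth_state' storage key are hypothetical names.
function parseImplicitCallback(href, expectedState) {
    const url = new URL(href);
    const fragment = new URLSearchParams(url.hash.slice(1));
    const query = new URLSearchParams(url.search);

    // A denied or failed authorization carries `error` instead of a token
    // (checked in both fragment and query, since providers differ).
    const error = fragment.get('error') || query.get('error');
    if (error) {
        return { ok: false, reason: error };
    }

    const token = fragment.get('access_token');
    if (!token) {
        return { ok: false, reason: 'no_token' };
    }

    // The state echoed back must match the value generated before redirecting;
    // otherwise the token may come from a link someone else crafted.
    const state = fragment.get('state') || query.get('state');
    if (!expectedState || state !== expectedState) {
        return { ok: false, reason: 'state_mismatch' };
    }

    const scope = fragment.get('scope');
    return { ok: true, token, scopes: scope ? scope.split(' ') : [] };
}

// Browser wiring (skipped outside a browser, e.g. under Node).
if (typeof window !== 'undefined' && window.location.hash) {
    const result = parseImplicitCallback(
        window.location.href,
        sessionStorage.getItem('oauth_state')
    );
    sessionStorage.removeItem('oauth_state');
    // Drop the fragment so the token does not linger in the address bar or history.
    history.replaceState(null, '', window.location.pathname + window.location.search);
    console.log(result.ok ? 'token received' : 'rejected: ' + result.reason);
}
```

The page that starts the login is assumed to generate a random `state`, store it under `oauth_state` in `sessionStorage`, and append it to the authorization link before redirecting.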