Never, ever, leak tokens, tokens are like passwords and you should not leak them
You did the first step of user oAuth, threw it out and then got a server to server token instead. (Client credentials)
So in fact you generated a client_credentials token
Such a token doesn’t represent a user, hence the error
See step 3
You are supposed to take the ?code in the URL when the user comes back to your app from Twitch and exchange it for a token.
In our example, your user gets redirected to:
http://localhost/?code=394a8bc98028f39660e53025de824134fb46313
&scope=viewing_activity_read
&state=c3ab8aa609ea11e793ae92361f002671
3) On your server, get an access token by making this request:
POST https://id.twitch.tv/oauth2/token
?client_id=<your client ID>
&client_secret=<your client secret>
&code=<authorization code received above>
&grant_type=authorization_code
&redirect_uri=<your registered redirect URI>