You shouldn’t be GETting or POSTing or HEADing at all
You need to be redirecting the user to Twitch to accept or deceline your apps access to their account.
Like in this implicit auth example
https://barrycarlyon.github.io/twitch_misc/authentication/implicit_auth/
Step 1) Redirects you to Twitch.
Step 2) Accept or decline
Step 3) you come back with an access token or an error message
With regular oAuth, like what you are doing
Step 1) Redirects you to Twitch.
Step 2) Accept or decline
Step 3) user comes back with a ?code or an error message
Step 4) Exchange the ?code for an access and refresh token