Both of them has to be auth isn’t it ? 
- My bot has to have a token to connect it to the streamers channels.
- My user can auth from the website with twitch and from a dashboard page add the bot with a click of a button.
Following this example of tmi.js
const tmi = require('tmi.js');
const client = new tmi.Client({
options: { debug: true },
identity: {
username: 'my_bot_name',
password: 'oauth:my_bot_token'
},
channels: [ 'my_name' ]
});
client.connect();
In this example, is the my_bot_token equal to the ?code you are reffering to ? In this case it means, every streamer will send his token to the client.
This looks okay to me, but in this part
I do not see the utility of transmitting the code to the backend for the bot because the bot will be already launched with it’s proper token ?