Well for response_type=code when not using OIDC nonce isn’t supported/documented.
It’s state for this flow.
nonce/state are used as a defence against CSRF attacks, so a request/work flow can only be run once and can’t be run again and misdirected to another service.
Further reading is here Cross Site Request Forgery (CSRF) | OWASP Foundation
It shouldn’t really be used for storing/relating the telegramID.
Normally you’d have a user come to your site.
Login with Telegram (if thats supported)
Store data in the session, such as the Telegram ID
Send them off to Twitch
They come back and you recall the data you need from the session.
In this example the TelegramID isn’t “leaked” to Twitch since the state is used to contain the CSRF token, and not the telegramID.