Authorization Code and Implicit are the two OAuth flows that require user interaction, and explicitly granting permissions for your app based on the scopes you requested. The Auth Code flow is mainly for server-side requests, where as the Implicit flow is for client-side requests, such as a user on a website making requests from that webpage itself.
The User tokens from these flows allow you to use endpoints that require scopes. So if for example you wanted to get the subscriber list for broadcaster_id=1234, you would need user 1234 to go through one of those OAuth flows for your app and it will give you a User Access Token for that user, with the requested scopes.
The Client Credentials flow generates an App token, because it requires no user interaction there is no point at which a user is actually connecting to your app or explicitly agreeing to permissions, so these tokens are mostly used for making requests that do not require any permissions as they are a token that represents your app.