After doing the authorize call, you are returned to your server.
You must then take the code passed and exchange to code for a token.
Then you must use the token as OAuth in the requests.
Further more your PHP is wrong try this:
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Authorization: OAuth '.$code,
‘Accept: application/vnd.twitchtv.v5+json’,
‘Content-Type: application/json’,
'Client-ID: '.$clientid
));
You were only setting ONE header containing the clientID. The first three are overwritten