In addition to what BarrayCarlon said:
Once you exchanged the “code” for the actual “OAuth2” token, you might want to fetch some basic user information like the Twitch user ID and/or the EMail to be able to uniquely identify the user based on those details.