Doesn’t have to be a mini application, (like how node runs) can just be PHP scripts or other “normal” web programming/scripts.
An oAuth process can return to local. But if you are working with streamer fred, who is in the US and you live in the UK, (like I do for example), then the oAuth loop returns local to them and that’s no good… (Without building a program that the streamer installs, but then that means you are potentially leaking your client secret)
So it’s easier to run this on a remote server, since then you also can use Twitch Webhooks and your application is always online.
No since step one involves “redirecting the user to Twitch to accept or decline access to your application”
Traditional oAuth isn’t design to operate how you are trying to run it.
TLDR: Run this all on a remote server and you can utilize everything Twitch offers API wise and simplifies getting access keys from streamers you want to work with