Authentication is covered here:
Step 1) Redirect user to Twitch, with scopes attached.
Step 2) User comes back to your website with a code (or an error)
Step 3) You exchange the code for an access token via POST request
Step 4) You now have your oAuth for making requests
You need a page that access GET requests, to show a button to send the user to Twitch, and then that page needs to accept GET requests, to receive the query string code and perform the POST request and store the resulting keys (access token and refresh tokens if you intend to refresh)