After obtaining a ClientID you then build an oAuth flow.
That oAuth flow is a webpage that users go to
They click a link
That link takes them to Twitch
They accept (or decline) to share data between their twitch account and your Application.
Then depending on the flow they return to your site with a ?code= that you can exchange for an access token, or a #access_token you can then use to make requests with.
This is generally what you do for apps that are pure front end JS you use implict auth and get the #access_token version
If you need to do actions as a user on a server then you use regular oauth and get the ?code= to exchange for an access token (and refresh token) so you can then do “offline processing”
If you are only dealing with public data and have a server, then you generate an app access token and use that for server to server requests. So to lookup user data, a user fills in a form on your website thats posts to your server and the server makes the call to Twitch and processes the response.
So
Is a bit vauge on what you are trying to do.
If you already have a list of users then an App Access Token works on a script/server to collect this data.
If you want people to login to your site and you get that persons data then you need an oAuth flow that logs the user in