Also please make sure that when you do send the user to that link, you ONLY use the params that the documentation, https://dev.twitch.tv/docs/authentication/getting-tokens-oauth, specifies.
You are using response_type: token but also including your apps client_secret which should not be used at all with the Implicit auth flow that you’re attempting to use and should NOT be exposed to the user.