{'status': 401, 'message': 'invalid csrf token'} When trying to authorize through Python Script

You still need a web server, even with the Implicit flow.

Implicit Auth:
Step 1: Send the user to the Auth URL. They have to actually go to that URL, you do NOT make a GET or POST request yourself in your Python code.

Step 2: The user on the Twitch site will be prompted to approve or deny the connection to your app and the permissions you’re asking for in the scopes.

Step 3: The user will be redirected back to your redirect URI with a token in the URL hash. Because this is the Implicit auth flow, the URL hash is only accessible within the client's browser and is not passed to your web server, so you will need the page the user is redirected to to access the token in the hash and pass it to your server, or ask the user to copy/paste the token from the URL bar.

Keep in mind the Implicit flow tokens can NOT be refreshed so the user will need to do this roughly every 60 days.

The difference with the Auth Code flow is that in Step 3 the user will be redirected with a code in the querystring params that your web server can natively access, and so the server can exchange that code for an Access Token and Refresh token. The access token only lasts about 4 hours but you can use the refresh token to get new tokens programmatically without the user needing to auth again.

If this is a one-time thing, you could do it without the webserver, which will mean when the user redirects to your redirect URI it’ll 404, at which point you would need to ask them to copy the token (if using the implicit flow) or the code (if using the auth code flow) from the URL bar and paste that in your app. It’s not particularly user friendly, and I certainly don’t recommend it for production use if you intend for multiple people to use your app.
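
The copy/paste variant described in the reply above, sketched in Python as an added example (not code from the original post): the script builds the Auth URL and hands it to the browser instead of requesting it, then pulls the token from the URL hash (implicit) or the code from the querystring (auth code). The `state` round-trip check goes beyond what the reply covers, and the client ID, redirect URI and scope are placeholders.

```python
import secrets
import webbrowser
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"

def build_auth_url(client_id, redirect_uri, scopes, response_type="token"):
    """Return (url, state). response_type is "token" (implicit) or "code" (auth code)."""
    if response_type not in ("token", "code"):
        raise ValueError("response_type must be 'token' or 'code'")
    state = secrets.token_urlsafe(16)  # random value echoed back on the redirect
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": response_type,
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def parse_pasted_redirect(pasted_url, expected_state, response_type="token"):
    """Extract the token (URL hash) or code (querystring) from the pasted redirect URL."""
    parts = urlsplit(pasted_url.strip())
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    fragment = {k: v[0] for k, v in parse_qs(parts.fragment).items()}
    # Implicit flow: values live in the hash. Auth code flow: in the querystring.
    values = fragment if response_type == "token" else query
    error = query.get("error") or fragment.get("error")
    if error:
        raise ValueError(f"authorization failed: {error}")
    if not secrets.compare_digest(values.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch: this redirect does not belong to this request")
    key = "access_token" if response_type == "token" else "code"
    if key not in values:
        raise ValueError(f"no {key} found; was the full URL copied?")
    return values[key]

if __name__ == "__main__":
    # Placeholders: use your own app's client ID and its registered redirect URI.
    url, state = build_auth_url("YOUR_CLIENT_ID", "http://localhost:3000", ["user:read:email"])
    webbrowser.open(url)  # the user visits the page; the script never requests it itself
    token = parse_pasted_redirect(input("Paste the full URL you were redirected to: "), state)
    print("token received, length", len(token))
```

Treat the pasted value as a credential: keep it out of logs and shell history.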