If user a hits “yes thats me” in the authorise dialog, you’ll be returned a code for that user.
If user b on the same computer goes to your site and the authorise dialog, they’ll go “oh thats not me, why did my friend leave themelseves logged into their twitch account on my computer” and hit logout to login as themseleves and they be sent back to yoru website with a code for user b
You ave over thinking this security matter.