Twitch Connect confusion

This means you used the Implict Flow instead of the authorization code flow

So for OIDC you want

OIDC authorization code flow - Using OIDC to get OAuth Access Tokens | Twitch Developers

NOT

OIDC implicit code flow - Using OIDC to get OAuth Access Tokens | Twitch Developers

Becuase OIDC returns a JWT, and a JWT is exactly that, three sections seperated by a . where each section is base64 decodable

4) We respond with a JSON-encoded access token and an ID token. The payload of the JWT that is returned includes several default claims about the OIDC ID token, plus any additional claims you requested:

iss – Token issuer (Twitch)
sub – Subject or end-user identifier
aud – Audience or OAuth 2.0 client that is the intended recipient of the token
exp – Expiration time (note that when the JWT ID tokens expire, they cannot be refreshed)
iat – Issuance time
nonce – Value optionally specified in the request

See https://jwt.io/ for more on JWT’s

Here is a nodeJS example I wrote for OIDC Code Flow

It covers how to do the flow and to use the data from Twitch’s openid-configuration to get a full user payload from the specified userinfo_endpoint