With the Auth Code flow, after the user agrees to connect to your app they are sent to your server with a code in the querystring, your backend server will need to exchange this code to get an Access Token and Refresh Token, with the access token being used to make API requests and the refresh token to get a new set of tokens when they expire.
If you use the Implicit auth flow, this’ll return an Access Token in the url hash, which you can use in the frontend, or have your frontend pass it to your server, make API requests but this flow doesn’t include refresh tokens so the user would need to go through the auth process each time they expire.