The access token isn’t in the URL.
You send the user to this URL that you have shown.
Then they come backt your callback URL with a ?code= query string paramater somewhat like https://www.mycallback.com/login/?code=foo
Then you extract the code and exchange it for a token
You mean GET query parameters right?
Now you take this code and exchange it for a token.
see “Use the authorization code to get a token” in Getting OAuth Access Tokens | Twitch Developers
This in line 32 in my linked PHP example
$ch = curl_init('https://id.twitch.tv/oauth2/token');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'client_id' => CLIENT_ID,
'client_secret' => CLIENT_SECRET,
'code' => $_GET['code'],
'grant_type' => 'authorization_code',
'redirect_uri' => REDIRECT_URI
));
This will exchange the code for an access token.
Revoke is my “logout of my site” function in this example
I have a validate function as a user can leave this example and come back in two days and the session is still valid. So you check the token is still valid and dump the session if it isn’t
You might not need these, this is just a full login/logout one page PHP example