In a “Front-End-Only” situation, you must use the Implicit auth flow.
Your user will have to authenticate with Twitch once every while (30 or 60 days, i forgot just now), then you can save that token in localStorage, for example. That will then allow you to make requests on the client-side to gather the data.
This means you need to redirect the user to the /authorize URL with the proper rediect URL to return to your app afterwards. Then your app checks if a token is present and use/save it. If the token becomes invalid, you can redirect the user and if they have not unauthorized your app, they wont even notice the redirect and will end up back on your website.