Twitch uses standard oAuth.
For a user token the steps are, normally
- Construct the authorize URL
- Redirect user offsite to that URL
- user accepts/declines your apps access to their account
- user is returned to your website
- if the user accepted the link you extract the
codefrom the URL - exchange the code for an access/refresh token(s) and store those tokens for use