The client-side flow is very similar to the server-side flow. It uses the same concept of redirects, and you should make yourself familiar with the server-side flow first. The only difference between the two is the response_type parameter. For the client-side flow it must be set to "token":
When Podio redirects back to your app the access token is available immediately as a fragment identifier. The URL looks like this:
Parse the fragment identifier to get the access token.
See Scopes & Permissions for details about the value of granted_scope_string