The client-side flow is very similar to the server-side flow. It uses the same concept of redirects, and you should make yourself familiar with the server-side flow first. The only difference between the two is the response_type parameter. For the client-side flow it must be set to "token":
Note: Repeated Request and Response parameters will be discarded and only the value of last Request and Response parameter is considered
When Podio redirects back to your app the access token is available immediately as a fragment identifier. The URL looks like this:
Parse the fragment identifier to get the access token.
See Scopes & Permissions for details about the value of granted_scope_string