Step 1 of oAuth is redirect the user to Twitch, you seem to be trying to use Postman to GET that URL instead.
You have to do this manually for your Chat bot initially/once.
Then refreshing can be automated, until the refresh token dies/is disabled for whatever reason
You seem to be using twitchapps generator not your own.
You seem to be trying to fetch the URI instead of redirecting the user, this will result in weirdness and the CSRF error as step 1 is redirect the user to Twitch.