OAuth Token Refreshing Help

If you’re running the bot on your own computer, and only there, then why would you not be able to store a client secret securely? In that case your computer basically becomes the server the bot runs on. As long as you don’t distribute the client secret in any form (for example as part of your program, if you wanted others to host the bot themselves) it should be possible to store it so that nobody else can access it. Unless you’re concerned about the security of your computer in general, for example if multiple people have access to it.

Of course the question remains as to how you get authorization in the first place. That really depends. If you just want to get a token of your own account locally, then you could simply use localhost as the redirect URL and either manually get the information from the redirect and paste it into your bot (which will then make the requests using the client secret to get the actual token) or have the bot run a simple webserver on localhost so it can retrieve it automatically. If other people are supposed to authorize the bot to act on their behalf then you’ll need a publicly reachable website as redirect and e.g. store the tokens in a database that your bot (and nobody else) can access in a secure manner. Again, this all is given that you don’t distribute the bot to others, at least not containing any login data. If you wanted others to host the bot themselves they’d have to register their own app on Twitch for it, with their own client secret, and set up their own website.
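The localhost-redirect approach described in the post above, as an added sketch that is not part of the original post: the bot listens on loopback only, accepts the redirect only when the `state` value matches the one it generated, and sends the client secret in the POST body of the token request. The port (3000), the environment variable names and the `chat:read` scope are assumptions made for this example.

```python
import hmac, json, os, secrets, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"
TOKEN_URL = "https://id.twitch.tv/oauth2/token"
REDIRECT_URI = "http://localhost:3000"  # assumed; must match the app's registered redirect URL

def build_authorize_url(client_id, scopes, state):
    query = urllib.parse.urlencode({
        "client_id": client_id, "redirect_uri": REDIRECT_URI,
        "response_type": "code", "scope": " ".join(scopes), "state": state})
    return f"{AUTHORIZE_URL}?{query}"

def extract_code(request_path, expected_state):
    """Return the authorization code from the redirect, or None if it is not ours."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(request_path).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None  # state mismatch: some other page or process hit the port
    return params.get("code", [None])[0]  # None when the user denied access

def wait_for_code(expected_state, port=3000):
    """Listen on loopback only, until one redirect carrying a valid state arrives."""
    result = {}
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            code = extract_code(self.path, expected_state)
            self.send_response(200 if code else 400)
            self.end_headers()
            self.wfile.write(b"Done, close this tab." if code else b"Rejected.")
            if code: result["code"] = code
        def log_message(self, *args): pass  # default logging prints the code-bearing URL
    with HTTPServer(("127.0.0.1", port), Handler) as server:
        while "code" not in result:
            server.handle_request()
    return result["code"]

def token_request(code, client_id, client_secret):
    """Build the code-for-token POST; the secret travels in the body, never in a URL."""
    body = urllib.parse.urlencode({
        "client_id": client_id, "client_secret": client_secret, "code": code,
        "grant_type": "authorization_code", "redirect_uri": REDIRECT_URI})
    return urllib.request.Request(TOKEN_URL, data=body.encode(), method="POST")

if __name__ == "__main__":  # secret comes from the environment, not the source
    cid, secret = os.environ["TWITCH_CLIENT_ID"], os.environ["TWITCH_CLIENT_SECRET"]
    state = secrets.token_urlsafe(16)
    print("Open in a browser:", build_authorize_url(cid, ["chat:read"], state))
    with urllib.request.urlopen(token_request(wait_for_code(state), cid, secret)) as r:
        print("Received fields:", sorted(json.load(r)))  # persist tokens privately
```

Refreshing later goes to the same token endpoint with `grant_type=refresh_token` and the stored refresh token, again with the client secret in the body.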