For normal oAuth the flow is
Step 1 of oAuth is send the user you want to get notifications for to Twitch in a Web Browser to accept of decline the connection of their Twitch account to your Application.
Step 2 they come back to your redirect with a code
Step 3 you exchange the code for an access token and a refresh token
Then you use the access token till it expires.
When it expires, you use the refresh token to get a new access token.
The last part with refreshing you can do that in code until the user disconnects your app, or some other criteria invalidates the refresh token.
So you need a webserver to start with to get the initial access and refresh tokens.
You bot can pull them from chat, chat doesn’t require any special authentication from the broadcaster so the Helix oAuth change makes no difference
But you must of been using the broadcasters access token before this change. All this change does is require all helix endpoints to use a token, but the subscriber endpoints are gated by the broadcasters Twitch oAuth token anyway. So the change shouldn’t of effected you