To get a token directly using an authorization flow, the bot would need to provide a browser or run a web server. The other option would be providing the authorization flow on a separate web server and having the user copy the token into the bot (or having the bot communicate with that web service in some sort of secure manner).