A bot can host a local site to allow the user to go through the OAuth flow and get a token, but it will always require user interaction initially as the user has to accept connecting to that app. Once you have an access token for a user though, the app can use the refresh token to get a new access token when the old one expires without user intervention (unless they revoke the token in the future).
If the bot is open source, with the intent to download and run a copy, as apposed to contributing via PR requests, you would probably, want users to create and apply their own Client ID and Secret keypair in order to not leak your own secrets, for the purpose of generating oAuth tokens/bearers and Refreshes thereof