For Slack in particular, the deal is that new signins return a token that starts with "xoxc", not a token that starts with "xoxs", and that token requires corresponding cookies in order to be accepted. If you're grabbing a token out of the browser, you will also need to get cookies for slack.com and pass them in the client. Last I checked, you only strictly needed the cookie called "d", but you may as well grab all of them.
A bunch of folks who have been using Slack for a long time have saved their xoxs cookie from a couple of years ago and not invalidated their old sessions, and they'll tell you the various clients still work. For a new user who is getting an xoxc token, your client needs a way to pass cookies along with your token. Many of the terminal clients I've seen don't obviously give you a way to pass the cookie.
My company uses the enterprisiest Slack offering (Enterprise Grid, compliance archiving, proxy restrictions, the works) hooked up to Azure AD as the identity provider and previously to Okta via ADFS, and I have working programmatic auth to Slack (leveraging local Kerberos tickets from Windows AD signon). Give me some details on what your auth setup looks like and I can probably help you with it. (I can try to open-source my internal client if it helps, but it's specific in some ways to our setup so it might be easier to just talk you through it.)
A bunch of folks who have been using Slack for a long time have saved their xoxs cookie from a couple of years ago and not invalidated their old sessions, and they'll tell you the various clients still work. For a new user who is getting an xoxc token, your client needs a way to pass cookies along with your token. Many of the terminal clients I've seen don't obviously give you a way to pass the cookie.
My company uses the enterprisiest Slack offering (Enterprise Grid, compliance archiving, proxy restrictions, the works) hooked up to Azure AD as the identity provider and previously to Okta via ADFS, and I have working programmatic auth to Slack (leveraging local Kerberos tickets from Windows AD signon). Give me some details on what your auth setup looks like and I can probably help you with it. (I can try to open-source my internal client if it helps, but it's specific in some ways to our setup so it might be easier to just talk you through it.)