Sorry I know you have plenty of these same topics and I read through them all and can’t seem to figure out what I missing.
Below is my code, but no matter what I do I can’t get past the "Invalid authorization code. The other posts mentioned the token being used already and invalid. I am getting the #access_token and immediately sending it to the backend to then get the access_token. As far as I can tell I am not doing it more than once.
With the Implicit flow, the user will be redirected to your redirect uri with an access token in the URL fragment, ie #access_token=..... That’s the token, there’s no further steps than that. That auth flow is designed for client-side auth as it lasts for about 60 days, but is not possible to refresh and as it’s a URL fragment the client doesn’t automatically pass it to the server, so it is more useful for client-side requests.
The Auth Code flow on the other hand is for server-side requests, when the user is redirected there would be a URL param containing the code, ie ?code=.... That code, being part of the url parameters, is accessible by your server when the user made the request and so the server can then exchange that code for an access token and refresh token. The access token will last about 4 hours but the refresh token will allow you to use the Refresh Token endpoint and so you can programmatically get new tokens without needing the user to go through the process again.