codes that are generated when a user goes through the authorization process are restricted in a number of ways. This error means one of two things:
1. The code has expired or has already been used
Codes are single use codes that expire in a relatively short time frame. So when if you’re building an auth flow from scratch and not using something like Omniauth, you will need to be careful to request a new code each time you want to test your
access_token redemption process.
2. The information passed when redeeming the code doesn’t match the authorization values.
You can inspect the token request in your Developer Dashboard and cross reference that against the preceding authorization request
These restrictions help to ensure that
codes don’t end up in the wrong hands.