I have no idea what’s in the wiki, but yes you need to send a POST request with whatever parameters the OAuth flow you are using requires. That probably means:
-
client_id- your client’s ID -
client_secret- your client’s secret -
code- the authorization code the server returned -
code_verifier- your verifier value if you’re using PKCE (which you should be if your secret is shared at all) -
grant_type- should beauthorization_code -
redirect_uri- where to redirect to