Authorisation code flow: Error 403

Hi @jack.cattell,

Thanks for reaching out to the Auth0 Community!

I understand that you’ve encountered the 403 invalid grant and Invalid authorization code error when requesting the /oauth/token endpoint.

This error can happen for a few reasons. The provided authorization code could be invalid, expired, or revoked, might not match the redirection URI used in the authorization request, or might have been issued to another client. This is described in the OAuth 2.0 error code specification, RFC 6749 - The OAuth 2.0 Authorization Framework.

I have gone ahead and tried to reproduce the error and was able to by using an expired authorization code. See below:

Given that, I recommend that you identify whether the authorization code you used satisfies one of the reasons mentioned earlier, and then adjust your requests if needed.

Hope this helps!

Please let me know if there’s anything else I can do to help.

Thank you.
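The causes listed in the reply above can be modelled as the checks a token endpoint runs when a code is redeemed. This is an added example, not part of the original post and not Auth0's implementation; `CodeStore`, its method names, the 60-second lifetime and all sample values are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

@dataclass
class IssuedCode:
    client_id: str
    redirect_uri: str
    expires_at: float
    redeemed: bool = False

class CodeStore:
    """Toy in-memory authorization-code store (hypothetical names throughout)."""
    def __init__(self, ttl=60.0, clock=time.time):
        self.ttl, self.clock, self.codes = ttl, clock, {}

    def issue(self, code, client_id, redirect_uri):
        self.codes[code] = IssuedCode(client_id, redirect_uri, self.clock() + self.ttl)

    def redeem(self, code, client_id, redirect_uri):
        """Return (status, body, reason); reason is for server-side logs only."""
        rec = self.codes.get(code)
        if rec is None:
            reason = "unknown_code"
        elif rec.redeemed:
            reason = "already_redeemed"
        elif self.clock() >= rec.expires_at:
            reason = "expired"
        elif rec.client_id != client_id:
            reason = "issued_to_another_client"
        elif rec.redirect_uri != redirect_uri:
            reason = "redirect_uri_mismatch"
        else:
            rec.redeemed = True  # single use: a second redemption must fail
            return 200, {"access_token": "constructed-token", "token_type": "Bearer"}, None
        # Same client-facing error for every cause; 403 mirrors the status in the post.
        body = {"error": "invalid_grant", "error_description": "Invalid authorization code"}
        return 403, body, reason

def demo():
    now = [1000.0]  # constructed clock so expiry is deterministic
    store = CodeStore(ttl=60.0, clock=lambda: now[0])
    cb = "https://app.example/callback"  # constructed sample values
    store.issue("code-1", "app-a", cb)
    store.issue("code-2", "app-a", cb)
    out = [store.redeem("code-1", "app-a", cb)[2], store.redeem("code-1", "app-a", cb)[2]]
    out.append(store.redeem("code-2", "app-a", cb + "/other")[2])
    now[0] += 61  # past the 60 s lifetime
    out.append(store.redeem("code-2", "app-a", cb)[2])
    return out
```

Because the client sees the same `invalid_grant` body for every cause, the distinguishing detail is only in the server-side reason, which is why checking the code's age, reuse, client and redirect URI on the requesting side is the practical way to narrow it down.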