Exchanging code for token in chrome extension background: 401 response

Trying to implement PKCD flow in a background script of a Chrome extension (manifest v3).

Finally got the authentication code using something like this:

const inputBytes = getRandomBytes();
const verifier = buf2Base64(inputBytes)

windowSha256(verifier).then((shaHash) => {
    const challenge = buf2Base64(shaHash);
    let options = {
        response_type: 'code',
        client_id: config.client_id,
        code_challenge: challenge,
        code_challenge_method: 'S256',
        redirect_uri: config.redirect,
        scope: 'openid profile email',
        audience: config.audience
    let queryString = new URLSearchParams(options).toString();
    let url = `https://${config.domain}/authorize?${queryString}`;
    fetch(url).then((response_) => {
        if (response_) {
            var resultURL = response_.url;
            const code = getParameterByName('code', resultURL);

However when I send that code to the /oauth/token endpoint (with the same redirect URL), I keep getting 401 in response. Note: using the https://domain-name.us.webtask.run/auth0-authentication-api-debugger debugger, the token comes back successfully with the code and verification code generated from the script above.

Here’s what I’m using to request the token:

 let options_token = {
     "grant_type": "authorization_code",
     "client_id": config.client_id,
     "code_verifier": verifier,
     "code": code,
     "redirect_uri": config.redirect
let url_token = `https://${config.domain}/oauth/token/`;
fetch(url_token, {
    method: "POST",
    body: options_token
}).then((res) => {
    //here's the token

Hi Andrew, were you able to solve the problem? I have exactly the same problem.