To follow up on this front, it appears there were two main solutions that helped you in your quest. I will share them here for public historical data. Please let us know if you have any questions in the future!
- /authorize endpoint needed to be called from the browser, and not by the backend. You are able to generate the /authorize URL and pass it to the browser as a redirect.
- The above call will return a code that needs to be exchanged for tokens. The /oauth/token endpoint used for this purpose should be called from the backend (via Node.js).
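
The two steps above, sketched for a Node.js backend as an added example (not code from the original reply or from the product's documentation). The host, client ID and redirect URI are placeholders, and the `state` check is an assumption added here as standard OAuth 2.0 practice for binding the callback to the session that started the login.

```javascript
const { randomBytes, timingSafeEqual } = require("node:crypto");

// Placeholders (assumptions, not values from the thread).
const ISSUER = "https://tenant.example.com";
const CLIENT_ID = "example-client-id";
const REDIRECT_URI = "https://app.example.com/callback";

// Step 1 (backend): build the /authorize URL and send it to the browser as a
// redirect. The random state is stored in the user's server-side session.
function buildAuthorizeRedirect(session) {
  session.oauthState = randomBytes(16).toString("hex");
  const url = new URL("/authorize", ISSUER);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: "openid profile",
    state: session.oauthState,
  }).toString();
  return url.toString();
}

// Step 2 (backend, on callback): verify state, then build the POST to
// /oauth/token. The client secret never leaves the server.
function buildTokenRequest(session, callbackUrl, clientSecret) {
  const params = new URL(callbackUrl).searchParams;
  const expected = Buffer.from(session.oauthState || "");
  const got = Buffer.from(params.get("state") || "");
  delete session.oauthState; // state is single use
  if (expected.length === 0 || got.length !== expected.length ||
      !timingSafeEqual(got, expected)) {
    throw new Error("state mismatch");
  }
  const code = params.get("code");
  if (!code) throw new Error(params.get("error") || "missing code");
  return {
    url: new URL("/oauth/token", ISSUER).toString(),
    method: "POST",
    headers: { "content-type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: REDIRECT_URI,
      client_id: CLIENT_ID,
      client_secret: clientSecret,
    }).toString(),
  };
}
```

The object returned by `buildTokenRequest` can be passed to `fetch(req.url, req)` from the backend; the tokens in the response stay server-side.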