That looks correct
as per step 1
Sure the redirect URI could be a dead URL that does nothing/has no server at and the broadcaster could copy and paste the ?code to you and you can do the exchange locally, but this is impractical as the TTL on the ?code= isn’t paticuarally long for security reasons.
It’s designed to be instantly exchanged. Not after some time. So this the copy/paste of the code method may be impractical.
It’s not ideal but it may work. it’s just a mess as if the token (and refresh token) dies. The user can’t just go to your website to fix the widget, they have to wait for you to be available to provide the ?code via copy/paste. So there will then be downtime on your widget.