I don’t quite understand your code, you seem to be doing things out of order, mixing things from different OAuth flows and request libraries.
From the looks of this you’re trying to get the access token from the URL Hash, yet that’s not the OAuth flow you’re using so there wont be an access token in the URL.
You’ve got a request to the Users endpoint before you’ve even got the access token? After the user is redirected to your redirect URI you’ll only have the code at that point, not an access token.
As for your final request, to the custom rewards endpoint, your arguments are in the wrong order, you’re using axios.post(url, config, data), when it’s expecting axios.post(url, data, config), so you’re getting an OAuth token is missing error because you’re sending your data as the config object (of which none of the fields will actually do anything as there isn’t a title or cost request option.