Seems “correct”
So you’ll need to add some error catching/testing the HTTP response/status code
For a user access token my PHP example might help
is the relevant snippet for converting a code to an access token