I don’t understand what you are trying to do with steps 3 and 4. Why do you want to send the tokens back to the user, only for the user to POST them back to your EBS which already has them?