This likely indicates that the code which is a one use code has already been used to be exchanged for an access code.
Since you have this hardcoded rather than fetching it from query string parameters.
Addititionally your JS code indicates (DomContentLoaded) that you appear to be doing a code to token exchange in the front end, which will leak you private client_secret to the world.