We can’t provide much support for third party libraries. Based on the error, I’m guessing this is doing the authorization code flow instead of implicit grant. It’s likely not submitting a POST to the correct endpoint as described in our docs.
One thing I would caution is that this seems to rely on storing your client secret in plaintext inside of JavaScript. That’s a big security flaw. There is a GitHub issue opened talking about this.
-D