There’s a brief moment where the access code can be seen in the URI on the client side. When I try to do everything in the server I get a lot of cors related problems.
What I did was parse the URI and then send a post request back to the server side to get the access token.
Is there a better way to do this?