Trouble calling /token

Hi,
I am trying to make a post call to get the /token after authorization is done and I received the authorization code

first I have a web application with client_id and a client secret
here is my app in OKTA

second I make the /authorize call

https://{domain}.oktapreview.com/oauth2/auspx13uvj6eHSM9c0h7/v1/authorize?client_id=0oar5j158zAyMnxxxxxxxx&state=evauth&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fsignin-oidc&scope=openid%20groups%20profile%20email&nonce=evnonce&response_type=code

third I receive the code in the redirect uri

http://localhost:5000/signin-oidc?code=uugmS_dIOdvk14rk5PGb&state=evauth

Now I am trying to get the token by calling
https://{domain}.oktapreview.com/oauth2/auspx13uvj6eHSM9c0h7/v1/token?grant_type=authorization_code&redirect_uri=http://localhost:5000/signin-oidc&code=feo2Rf8NW6Jr0HXZtQad&client_id=0oar5j158zAyMnrIO0h7

In the documentation (https://developer.okta.com/docs/reference/api/oidc/#token) client_id is not required parameter
If I don’t pass it in I get the following error

“errorCode”: “invalid_client”,
“errorSummary”: “Invalid value for ‘client_id’ parameter.”,
“errorLink”: “invalid_client”,
“errorId”: “oaeOHRRhicyTY6Vo3VKIBFvvQ”,
“errorCauses”: []

if I pass it in I get the following error

“error”: “invalid_client”,
“error_description”: “Client authentication failed. Either the client or the client credentials are invalid.”

also my application has a client_secret do I need to pass it as well? and if I do I get the following error:

“error”: “invalid_grant”,
“error_description”: “The authorization code is invalid or has expired.”

Any idea what’s going on… am I passing the request correctly I set the Content-Type to application/x-www-form-urlencoded

any help is appreciated.

the /token call requires authentication in this flow and this looks to be missing from your setup based on the available details.
please take a look at the guide on implementing the authorization code flow at https://developer.okta.com/docs/guides/implement-auth-code/exchange-code-token/ to see all the needed parts in this configuration