Hi Chris,
Connecting to OAuth can be tricky.
I am not an expert on the field of OAuth, but from reading the docs and experience with saml sso i think you need to separate the first call from the last two calls.
The first call should not be a rest call, but a redirect of the user to the given url. The user then logs in and is redirected back to the redirect_uri, which should be a deeplink in your app.
After the user is redirected back, you can do the two rest calls.
Maybe Mike's answer on this question can guide you a little: https://forum.mendix.com/link/questions/95189
I hope this helps.