Unable to call `/oauth2/v2.0/token` even with the correct redirect/reply URL

Question

I am following this document and currently stuck at 3rd step, Get a token:

I have no issue with the 2nd step, Get authorization as I could sign in (from the browser) and it responded with the code for the next step (3rd step).

BUT when it gave me the response below when sending a POST request (/common/oauth2/v2.0/token):

{
    "error": "invalid_client",
    "error_description": "AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'afef958a-7070-4b2d-9006-65b28c9aed43'.\r\nTrace ID: 2e478767-2adc-468c-b716-6134ca2d3a04\r\nCorrelation ID: 7117f8d0-2a9f-4110-8257-b32753876afb\r\nTimestamp: 2022-01-06 08:22:48Z",
    "error_codes": [
        50011
    ],
    "timestamp": "2022-01-06 08:22:48Z",
    "trace_id": "2e478767-2adc-468c-b716-6134ca2d3a04",
    "correlation_id": "7117f8d0-2a9f-4110-8257-b32753876afb",
    "error_uri": "https://login.microsoftonline.com/error?code=50011"
}

---

• My request in Postman here
• My Azure config here
• My response on browser here
• My code (PHP):

$response = $client->request(
    "POST",
    "/common/oauth2/v2.0/token",
    [
        "headers" => [
            "Content-Type" => "application/x-www-form-urlencoded",
        ],
        "form_params" => [
            "tenant" => $tenantId,
            "client_id" => $clientId,
            "grant_type" => "authorization_code",
            "scope" => "User.Read",
            "code" => $_GET["code"],
            "redirect_uri" => $replyUrl,
            "client_secret" => $clientSecret,
        ]
    ]
);

---

Note:

• I have tried with Accounts in any organizational directory and Accounts in any organizational directory and personal Microsoft accounts, both of them are giving me the same response
• I am sure the client secret is correct
• I am sure the redirect/reply URL is correct too
• I have done enough research online, but no similar solutions that could solve this issue

Answer 1

This occurs when the login code in your app (js/ts) is not setting the redirectUrl value to something that matches what your app is configured to answer as a redirect Url in your Azure portal. You haven't sent enough code to see what your redirect looks like, but it's not clear why you're doing it by hand (instead of using MSAL), and also why you've tagged this as "microsoft-teams" - this is important because, if you are building a Teams tag, then the usual process is a little different for Teams.

Update: the original question makes it clear now that this is a PHP scenario, which my answer above does not address - fyi to anyone reading this answer.