I’m getting the same error. I’ve verified my client ID, secret, same redirect_uri as the auth request, correct code.
Something must be broken on the backend because the error references http when I’m definitely calling https.
In my case I’m using an app in an active, live HubSpot account. It’s an older app but that isn’t supposed to make a difference.
After some experimentation, I believe this is being caused by using an IP instead of a domain in the redirect_uri.
This will make it somewhat more difficult to test locally, but I’m pretty sure that’s the issue. (For me, at least.)
Okay, I can verify that it was the domain that was the issue. Using an IP as the domain will cause this error.