I'm setting up the WhatsApp/Meta embedding tool and trying to make it automatically set up everything automatically for programmatic receiving and sending messages to WhatsApp.

The issue I'm facing is that I'm not a valid client code after successful . These are all the steps my application is taking:

Allowing the user to go through the embedding tool At the end, I receive a token from the embedding tool I want to trade it in that token, for an access token but facebook graph api throw an error saying "Malformed access token" or "This authorization code has expired".

     window.addEventListener('message', (event) => {         if (event.origin !== "https://www.facebook.com" && event.origin !== "https://web.facebook.com") {             return;         }         try {             const data = JSON.parse(event.data);             if (data.type === 'WA_EMBEDDED_SIGNUP') {                 // if user finishes the Embedded Signup flow                 if (data.event === 'FINISH') {                     const {                         phone_number_id,                         waba_id                     } = data.data;                     console.log("Phone number ID ", phone_number_id, " WhatsApp business account ID ", waba_id);                     // if user cancels the Embedded Signup flow                 } else if (data.event === 'CANCEL') {                     const {                         current_step                     } = data.data;                     console.warn("Cancel at ", current_step);                     // if user reports an error during the Embedded Signup flow                 } else if (data.event === 'ERROR') {                     const {                         error_message                     } = data.data;                     console.error("error ", error_message);                 }             }             document.getElementById("session-info-response").textContent = JSON.stringify(data, null, 2);         } catch {             console.log('Non JSON Responses', event.data);         }     });          const fbLoginCallback = (response) => {         if (response.authResponse) {             const code = response.authResponse.code;             // The returned code must be transmitted to your backend first and then             // perform a server-to-server call from there to our servers for an access token.             FB.api(                 "/debug_token?input_token=" + code,                 function (response) {                     if (response && !response.error) {                         /* handle the result */                         console.log(response);                         console.log('here12')                     }                      }             );         }         document.getElementById("sdk-response").textContent = JSON.stringify(response, null, 2);          }          const launchWhatsAppSignup = (e) => {         event.preventDefault();              // Launch Facebook login         FB.login(fbLoginCallback, {             config_id: '1707717083377865', // configuration ID goes here             response_type: 'code', // must be set to 'code' for System User access token             override_default_response_type: true, // when true, any response types passed in the "response_type" will take precedence over the default types             scope: "business_management, whatsapp_business_management, whatsapp_business_messaging",             extras: {                 setup: {},                 featureType: '',                 sessionInfoVersion: '2',             }         });     }     window.fbAsyncInit = function () {         FB.init({             appId: '521724357037484',             autoLogAppEvents: true,             xfbml: true,             version: 'v20.0'         });     };