You tried to exchange the ?code for a token again
if you are doing the redirect I descirbed here
That may suggest your redirect is not removing the ?code and your code is trying to code exchange again.
Or you are storing the ?code in your session, instead of the resulting token, and trying to exchange the ?code again, rather than just using the access token generated from the code exchange flow