When I try to obtain an access token for my app, instead of returning a

{ "access_token": "{{token}}", "scope": "{{scopes}}" },

I get a redirect:

(response code: 303)

<html><body>You are being <a href="https://{{shop}}.myshopify.com/admin/auth/login">redirected</a>.</body></html>.

My request is:

POST

https://{{shop}}.myshopify.com/admin/oath/access_token

Body:

{
"client_id": "{{app_key}}",
"client_secret": "{{app_secret}}",
"code": "{{authorization_code}}"
}

What am I doing wrong here?