I've added the "Sign in with Google" button to my web app. This part is working successfully: when clicked, I'm shown the Google sign-in/authorization screen.
Next, I'm taking the return code back from Google and am attempting to follow the code sample from a prior answer: https://stackoverflow.com/a/24510353
```csharp
IAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow(
    new GoogleAuthorizationCodeFlow.Initializer
    {
        ClientSecrets = Secrets,
        Scopes = new[] { PlusService.Scope.PlusLogin,
            "https://www.googleapis.com/auth/plus.profile.emails.read" }
    });

TokenResponse _token = flow.ExchangeCodeForTokenAsync("", code, "postmessage", CancellationToken.None).Result;

// Create an authorization state from the returned token.
context.Session["authState"] = _token;

// Get tokeninfo for the access token if you want to verify.
Oauth2Service service = new Oauth2Service(
    new Google.Apis.Services.BaseClientService.Initializer());
Oauth2Service.TokeninfoRequest request = service.Tokeninfo();
request.AccessToken = _token.AccessToken;
Tokeninfo info = request.Execute();

if (info.VerifiedEmail.HasValue && info.VerifiedEmail.Value)
{
    flow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
    {
        ClientSecrets = Secrets,
        Scopes = new[] { PlusService.Scope.PlusLogin }
    });

    UserCredential credential = new UserCredential(flow, "me", _token);
    _token = credential.Token;

    _ps = new PlusService(new Google.Apis.Services.BaseClientService.Initializer()
    {
        ApplicationName = "Your app name",
        HttpClientInitializer = credential
    });

    Person userProfile = _ps.People.Get("me").Execute();
}
```
When `ExchangeCodeForTokenAsync` is called, I get an exception: "Error:'invalid_grant', Description:'Malformed auth code.', Uri:''"
Truthfully, the code there seems awfully convoluted; surely there's an easier way?
The sample code uses 'postmessage' in the URL parameter. On the off chance it really requires a valid URL, I substituted a valid 'Authorized redirect URI' from my project's credentials panel, but with the same results.
I've looked at endless posts on both "invalid_grant" and how to retrieve credentials. The vast majority of both are 8+ years old and deal with deprecated code/functions/APIs...
Some guidance here would be wonderful!
Update to clarify: I'm attempting this from the server side. I see many responses indicating using 'GoogleWebAuthorizationBroker' as part of the solution, but this is only from front-end code and (per the docs) shouldn't be run on the back end.