When using the OAuth 2 code flow like this, using the /oauth2/token endpoint to exchange the authorization code for an access token is the correct and only way to get an access token.
Exactly how you get that authorization code value to the client where you need to make the /oauth2/token call can vary though. As you currently have it, you can have the user manually copy/paste or type the authorization code to the client. Alternatively, the only other way to automate this would be to use a redirect URI in the 'redirect_uri' parameter passed to /oauth2/authorize. If you can't use a redirect URI for some reason, you will need to have the user do this manually.