Thanks! Based on the code you shared, I see that you're using the "code" flow (i.e., 'response_type=code'). For the code flow, only "https://" is allowed in the redirect URI (unless on localhost), so "myapp://" wouldn't be allowed.
Instead, for client-side applications like this, you should use the "token" flow, i.e., 'response_type=token'. That does allow custom URL schemes in redirect URIs, such as "myapp://".