complete and correct directions for getting Google OAuth to return an access_token and refresh_token

Keywords: google-oauth2

Question: 

I am looking to write a simple "Hello world" application using Google OAuth 2.0, however I have tried all 10 of the first 10 Google hits for "Google OAuth 2.0 tutorial", and for each of them, I followed all of the steps exactly as they were written, but none of them worked. In all of the tutorials, I get as far as submitting a POST request to https://www.googleapis.com/oauth2/v4/token using the values for "code", "client_id", "client_secret", "grant_type" and "redirect_uri" as specified exactly in the tutorials, which is supposed to obtain an access_token and a refresh_token if the directions are correct. But then when I submit the request I get the response:

error "invalid_grant" error_description "Bad Request"

Some of the tutorials have screen captures from Google's UI which are out of date, so it may be that Google made a subtle change which invalidated the old directions.

Rather than copying and pasting the directions from each of the tutorials, so we can go over each one with a fine-toothed comb to figure out what went wrong, it seems more straightforward to just ask: Does anyone have complete and correct directions for an OAuth 2.0 "Hello world" app, to get up to the point where an access_token and a refresh_token are returned by Google?

Answers: