I'm not familiar with laravel but the request to the authorization url needs to be requested by the browser to start the OAuth process. On a side note, a state uuid should be generated and temporarily stored for each authorization request to prevent relay attacks and unauthorized access to your application. Even if you're just running your app locally, it's bad practice not to incorporate such a simple mechanism.

From the docs: A list of valid https Redirect URIs for your application. One per line. Limit 1024 characters. Must use https or http://127.0.0.1, not localhost.