Just in case anyone else encounters this problem, I found this to be the solution (taken from here https://medium.com/clover-platform-blog/expiring-oauth-tokens-securing-clover-merchant-data-16243b9c00cc):

• 401 failed to validate code*:* In this event, you're likely using the v1 app code URL for the /v2/token endpoint. Be sure to use the updated v2 auth code URL: https://{clover_server}.clover.com/oauth/v2/authorize?client_id={app_id}&redirect_uri=http://{app_site_URL}