I’m VERY new to using the GMAIL API, and I’m just running the Javascript sample code that google provides. Here it is:

<!-- https://www.youtube.com/watch?v=Husi40BTo-s -->

<!DOCTYPE html>
<html>

<head>
    <title>Gmail API Quickstart</title>
    <meta charset="utf-8" />
</head>

<body>
    <p>Gmail API Quickstart</p>

    <!--Add buttons to initiate auth sequence and sign out-->
    <button id="authorize_button" onclick="handleAuthClick()">Authorize</button>
    <button id="signout_button" onclick="handleSignoutClick()">Sign Out</button>

    <pre id="content" style="white-space: pre-wrap;"></pre>

    <script type="text/javascript">
        /* exported gapiLoaded */
        /* exported gisLoaded */
        /* exported handleAuthClick */
        /* exported handleSignoutClick */

        // TODO(developer): Set to client ID and API key from the Developer Console
        const CLIENT_ID = 'HIDDEN';
        const API_KEY = 'HIDDEN';

        // Discovery doc URL for APIs used by the quickstart
        const DISCOVERY_DOC = 'https://www.googleapis.com/discovery/v1/apis/gmail/v1/rest';

        // Authorization scopes required by the API; multiple scopes can be
        // included, separated by spaces.
        const SCOPES = 'https://www.googleapis.com/auth/gmail.readonly';

        let tokenClient;
        let gapiInited = false;
        let gisInited = false;

        // document.getElementById('authorize_button').style.visibility = 'hidden';
        // document.getElementById('signout_button').style.visibility = 'hidden';

        /**
         * Callback after api.js is loaded.
         */
        function gapiLoaded() {
            gapi.load('client', initializeGapiClient);
        }

        /**
         * Callback after the API client is loaded. Loads the
         * discovery doc to initialize the API.
         */
        async function initializeGapiClient() {
            await gapi.client.init({
                apiKey: API_KEY,
                discoveryDocs: [DISCOVERY_DOC],
            });
            gapiInited = true;
            maybeEnableButtons();
        }

        /**
         * Callback after Google Identity Services are loaded.
         */
        function gisLoaded() {
            tokenClient = google.accounts.oauth2.initTokenClient({
                client_id: CLIENT_ID,
                scope: SCOPES,
                callback: '', // defined later
            });
            gisInited = true;
            maybeEnableButtons();
        }

        /**
         * Enables user interaction after all libraries are loaded.
         */
        function maybeEnableButtons() {
            if (gapiInited && gisInited) {
                document.getElementById('authorize_button').style.visibility = 'visible';
            }
        }

        /**
         *  Sign in the user upon button click.
         */
        function handleAuthClick() {
            tokenClient.callback = async (resp) => {
                if (resp.error !== undefined) {
                    throw (resp);
                }
                document.getElementById('signout_button').style.visibility = 'visible';
                document.getElementById('authorize_button').innerText = 'Refresh';
                await listLabels();
            };

            if (gapi.client.getToken() === null) {
                // Prompt the user to select a Google Account and ask for consent to share their data
                // when establishing a new session.
                tokenClient.requestAccessToken({ prompt: 'consent' });
            } else {
                // Skip display of account chooser and consent dialog for an existing session.
                tokenClient.requestAccessToken({ prompt: '' });
            }
            console.log('hello world');
        }

        /**
         *  Sign out the user upon button click.
         */
        function handleSignoutClick() {
            const token = gapi.client.getToken();
            if (token !== null) {
                google.accounts.oauth2.revoke(token.access_token);
                gapi.client.setToken('');
                document.getElementById('content').innerText = '';
                document.getElementById('authorize_button').innerText = 'Authorize';
                document.getElementById('signout_button').style.visibility = 'hidden';
            }
        }

        /**
         * Print all Labels in the authorized user's inbox. If no labels
         * are found an appropriate message is printed.
         */
        async function listLabels() {
            let response;
            try {
                response = await gapi.client.gmail.users.labels.list({
                    'userId': 'me',
                });
            } catch (err) {
                document.getElementById('content').innerText = err.message;
                return;
            }
            const labels = response.result.labels;
            if (!labels || labels.length == 0) {
                document.getElementById('content').innerText = 'No labels found.';
                return;
            }
            // Flatten to string to display
            const output = labels.reduce(
                (str, label) => `${str}${label.name}n`,
                'Labels:n');
            document.getElementById('content').innerText = output;
        }
    </script>
    <script async defer src="https://apis.google.com/js/api.js" onload="gapiLoaded()"></script>
    <script async defer src="https://accounts.google.com/gsi/client" onload="gisLoaded()"></script>
</body>

</html>

I’ve authenticated my local host, and I’ve provided my CLIENT_ID and API_KEY. I’m able to log in fine. However, it doesn’t redirect to the page I’ve set up as my Authorized redirect URIs. On the main page, I get an “undefined()” message and the following error in the console:

Cross-Origin-Opener-Policy policy would block the window.opener call.
GET https://content-gmail.googleapis.com/gmail/v1/users/me/labels?key=HIDDEN 400 (Bad Request)

I’ve hidden everything that’s private but I don’t understand what I’ve done wrong. Why am I getting this error?