Thanks Schiller!
Well, that’s embarrassing. The auth code and access token parts had looked like they were working fine, so when I added the collection query and it didn’t work I assumed it had to be that. It turns out I accidentally introduced a bug into the auth code part at the same time and hadn’t even noticed. One fixed, it all works.
Thanks again for all your help! It’s been invaluable.