Problem enabling 3LO for Confluence ACE add-on

I am trying to enable 3LO for my app, as it is a Confluence add-on that calls the Jira REST API from the backend, so the default JWT authentication obviously won’t work (the JWT accessible in the Confluence dynamic content macro is for Confluence only). However, When I redirect the macro’s iframe to the URL specified in the documentation, I get an error page saying “id.atlassian.com refused to connect”. However, when I paste the same redirect URL into the browser directly, I get the below (which seems to be the desired result.

So, it seems that I am constructing the redirect URL correctly, but why is it failing when the redirect occurs within my macro iframe? It would be great if you provided actual code examples with new features you release, like 3LO. The existing documentation has examples from the command line, which makes absolutely no sense as the documentation is for Connect apps.

Thanks!