Your redirect uri must match exactly the one, the user got redirected to. In your case this is 127.0.0.1/oauth2callback
without :3000
.
However, I believe that for Google both uri's needn't to be identical, but at least defined in the developer console, so maybe you could try adding 127.0.0.1:3000/oauth2callback
to your developer console.