"If the IUA Authorization Client receives the request from the IUA Authorization Server on the callback URL conveying the authorization code, the Authorization Client SHALL perform the HTTP POST request with the client_id and client_secret in the HTTP authorization header field to resolve the authorization code to the access token."
in https://build.fhir.org/ig/ehealthsuisse/ch-epr-fhir/iti-71.html#expected-actions-1, the term "callback URL" might be misleading and should be changed to "redirect-uri".
"If the IUA Authorization Client receives the request from the IUA Authorization Server on the callback URL conveying the authorization code, the Authorization Client SHALL perform the HTTP POST request with the client_id and client_secret in the HTTP authorization header field to resolve the authorization code to the access token."