Oauth2 flow in WooCommerce Plugin

I am trying to create a WordPress Plugin that follows an OAuth2 flow. This plugin is a payment module for use on WooCommmerce, with a shopper clicking on a link to login to their payment account, an authentication modal opening, and then the shopper can proceed to checkout.

More specifically, here is my current flow:

1) The user clicks on the authentication link
2) A modal opens with the OAuth link for logging in (using an iframe)
3) The user authenticates, and the callback URL (or Redirect URI) is currently set to a callback.php file, so within the modal, a successful authentication redirects the user to the callback.php file, with the authorization token attached to the url parameters
4) The callback.php file, upon visit, checks for the authorization token in its URL, and then submits a token exchange per OAuth2.
5) Once the token exchange is complete, the bearer token that is obtained from token exchange is passed to the main plugin php file via a PHP Session.
6) When this bearer token is detected, the cart updates to display that the authentication was successful
7) The user presses the “Make Payment” button and in the transaction, the bearer token is used to submit a payment using the API.

I submitted this plugin to WordPress; however, they informed me that I must use wp_get and wp_post while making requests, and that I may not include any wordpress files in my callback.php. I am unsure how I can do the token exchange without including WordPress files in my callback.php file.

Thanks in advance for the help.