Authorization-code flow with React frontend and express backend

I have a React UI backed by a node-express API backend. I’d like to enable authorization-code flow with session management so that my React frontend does not have to know about any JWT’s and client secrets.

What is the ideal flow in this setup and are there code examples I can follow? I created the JWT-based example project but it doesn’t use the more secure auth-code flow.
I got the auth-code flow working when running only the express server but am struggling a bit to fit the UI into the picture correctly.

Thanks for any pointers!