Need to retrieve authorization_code and state that is attached to the redirect_uri call back using Expressjs

Good Afternoon! I will preface this by saying that if this is not possible, I am open to other suggestions.
I am creating a pretty simple invoice application using the MERN stack. I just want to protect my routes on the backend by adding some middleware before the route. I want to do a simple comparison of the header referer URL, but when the page is first redirect it has the authorization code and state to the URL and then when the page is refreshed its the normal URL without the code and state attached. Is there a way to get the state and authorization_code? I also tried to do cookie validation, but the problem with that is the cookie is not given until the redirect is complete, so the middleware kept sending errors.

I am new to the authentication layer of apps, so if there is a better way to do this I am all ears. I was also thinking about using the access token instead and just put the logic to get the access token in the middleware.