Our .NET SDK (or OWIN) will handle this part of the flow for you, making the authorize request, taking the authorization_code returned back to the redirect_uri and using it to get tokens. Your application only needs the authorization code to complete this exchange/transaction and after that the tokens will be used.
Once your application has these tokens, it will use them as part of the application session, to get information about the user from the /userinfo endpoint, and potentially send them as a bearer token to a resource server. See OAuth 2.0 and OpenID Connect Overview | Okta Developer