The redirect uri must not have dynamic query string parameters on it per the OAuth specification to guard against tampering by attackers. That’s why the redirect uri you define at Okta for whitelisting must be absolute.
There is a technique to use the state parameter to carry csrf protection (its intended propose) as well as additional information (like where to send the user after the redirection) using jwts.
This approach is outlined here: https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state-09