Matching OAuth request to response

Focussing on the authorization_code grant type (server to server) I am confused as to how a client (in this case a web server app) matches a response (positive) to the outgoing request.

The response is a redirect with code in the URL (not interested in the token part yet). How does the web server know who this code belongs to?