Manual "code" exchange into access_token with external backend API using Google Provider

[bagusadlan]

the OAuth flow generally has 6 parts:

1. The application requests authorization to access service resources from the user
2. If the user authorized the request, the application receives an authorization grant
3. The application requests an access token from the authorization server (API) by presenting authentication of its own identity, and the authorization grant
4. If the application identity is authenticated and the authorization grant is valid, the authorization server (API) issues an access token to the application. Authorization is complete.
5. The application requests the resource from the resource server (API) and presents the access token for authentication
6. If the access token is valid, the resource server (API) serves the resource to the application

I want to grab code from GET "api/auth/callback/github?code=123" manually, then post it into my external backend API to validate there and get the access_token.

app/api/auth/callback/github/route.ts

import { NextResponse } from 'next/server'

export async function GET(req: Request) {
  const { searchParams } = new URL(req.url)
  const code = searchParams.get('code')
  const redirectTo = searchParams.get('redirectTo') || '/'

  if (!code) {
    return NextResponse.json({ error: 'Code not found' }, { status: 400 })
  }

  const response = await fetch(`${process.env.NEXT_PUBLIC_ENDPOINT}/loginwithgoogle`, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ code })
  })

  const result = await response.json()

  if (!response.ok) {
    return NextResponse.json({ error: result.error }, { status: 400 })
  }

  const nextAuthCallbackUrl = new URL('/api/auth/callback/google', req.url)

  nextAuthCallbackUrl.searchParams.set('access_token', result.data.token)
  nextAuthCallbackUrl.searchParams.set('redirectTo', redirectTo)

  return NextResponse.redirect(nextAuthCallbackUrl.toString())
}

The fact is, I have no idea where to put fetch to external backend API, in app/api/auth/callback/github/route.ts, Nextjs middleware or next-auth callbacks. All I know is app/api/auth/callback/github/route.ts called first then next-auth callbacks after. If we want to add more to the session (like access_token) we have to do it in next-auth session callbacks.

async session({ token, session }) {
  if (!!token && session.user) {
    session.accessToken = token.accessToken as string
  }

  return session
}

Is anyone know how to do all that? Grab the code and validate manually, add access_token into session, then redirect into page where I passed it when call the login function

import { signIn } from '@/auth'

export async function loginWithGoogle(redirectTo?: string) {
  await signIn('google', { redirectTo })
}

Or should I use a Custom Provider?