I am building a frontend with next.js right now, which authenticates with GitHub OAuth using next-auth.

Next-auth handles all the authentication including the session and saves all that into a database, in my case a Postgres DB.

I now also want to connect my frontend to a spring boot backend server via REST API, which handles some file access. I could simply include the session token into the authorization header and connect my backend to the Postgres DB also and check if a session with this token exists.

But this approach seems not right. What is the best way to secure my backend here? How can my backend check if the user is logged in with GitHub?