I tried to find some information on how sessions work on an SSO and OAuth2 authorization server from the backend side but couldn’t find specific details. I need this information because I am building my own SSO and OAuth2 authorization server. The only information I managed to find is that they use cookies and an ID token, at least some of them, or access and refresh tokens.