This mutation accepts:

• code
• auth type
• redirect uri

1. The back-end uses these information(and client_id and client_secret) to fetch access token and store the access token.
2. Back-end fetches user information(from AuthServer) and based on User information, try to lookup the user, if the user is new, we create the user
3. We create session id.
4. Return JWT with session id in the payload.