Having trouble with Supabase Auth. Facing trouble with accessing sessions on the backend. React + Flask app

Question

I'm using React on the frontend and Flask on the backend. I'm trying to use Supabase solely for authentication and therefore Supabase Auth is all I'm concerned about. There seems to be a fair bit of documentation if you're doing NextJS and SSR stuff, but otherwise there's practically little at all. I've been using GPT and perplexity to no avail to understand their documentation and trying to solve the issue in general, with no luck. I'm not trying to do anything fancy - I'd be grateful for anyone's help. Thank you. All I'm trying to do is replicate what I was doing earlier with Auth0 (shown below). Upon successful authentication:

Obtain the access token from Supabase

Store the user information in the session (using Flask-Session)

What I was doing earlier with Auth0:

auth_blueprint.route("/callback", methods=["GET", "POST"])
def callback():
token = oauth.auth0.authorize_access_token()
session["user"] = token
//Get the email from the user's session
email = session.get('user').get('userinfo').get('email')

... Current code:

App.js:

const [session, setSession] = useState(null);
  const [user, setUser] = useState("");

  useEffect(() => {
    const { data: authListener } = supabase.auth.onAuthStateChange(
      (event, session) => {
        if (event === "SIGNED_IN") {
          setSession(session);
          callBackend(session);
        }
      }
    );

    return () => {
      authListener.unsubscribe();
    };
  }, []);

  const callBackend = async (session) => {
    try {
      const response = await fetch("http://127.0.0.1:4040/callback", {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
        },
        body: JSON.stringify({ code: session }), 
      });
      const data = await response.json();
      console.log(data);
    } catch (error) {
      console.error("Error calling backend:", error);
    }
  };

Flask backend:

supabase = create_client(supabase_url, supabase_key)

@auth_blueprint.route("/callback", methods=["POST"])
def callback():
    code = request.json.get('code')
    print(code)
    if code:
        try:
            # Exchange the authorization code for a session
            session = supabase.auth.exchange_code_for_session(code)
            user = session.user
            print(f"user: {user}")
            # Perform database operations with the user data
            # ...
            return jsonify({'success': True})
        except Exception as e:
            print(f"Error exchanging code for session: {e}")
    else:
        print("No Authorization Code")
    return jsonify({'success': False})

---

This is a truncated sample of what the "code" returns in my callback function: {'access_token': 'xxx', 'token_type': 'bearer', 'expires_in': 3600, 'expires_at': 1718697729, 're