OAuth
TitanFighter, 2017-12-27 05:06:07

OAuth authentication + authorization - what happens after receiving an oAuth token?

Good day.
I read tons of documentation, but nowhere is the last stage of the user authentication process disclosed (not to be confused with authorization, which allows access to the user's personal / private data).
For example, there is a bunch: backend -> frontend (SPA) -> oAuth.
The user wants to register \ log in, asks the provider for the oAuth code, the provider gives the code .... in general, as a result, the user receives a token. I figured it out.
But what happens next? As I understand it, Backend knows nothing about the intimate relationship between the user and the supplier.
I have the following guess about what is going on. Please confirm/deny/add.
The user (user browser) after receiving the token must send this token towards the backend, with some data received from the oAuth provider (user id?, mail?, name?). The backend checks id?, mail? in the database, if there are no matches, it registers this user. If there is a record in the database - login.
In case the token is dead, does the whole process repeat? Or, after the registration stage, sessions are turned on and the backend periodically updates the token? Due to what \ how in general, in the case of social registration, does the backend support frontend authentication?
Due to a misunderstanding of what happens after user confirmation by the oAuth provider, I can't figure out how to proceed with the following task:
I am writing a SPA and have never set up authentication in SPA yet. I want to make it possible to register a user through Google + I will still need to get authorization for user data in YouTube for SPA, and I don’t understand / don’t know how to do everything right. In the absence of a SPA, everything is done simply - everything is done from the server side.
In the case of SPA, I see several options:
1. User authentication (registration \ login) and authorization of access to YouTube occurs from the SPA. As soon as the user has registered / logged in, we knock on the backend. As soon as the user has given the go-ahead to use YouTube data, we knock on the backend.
2. Do everything from the back end. The user is authenticated through the backend, and the backend itself processes the necessary data at the last stage of the provider's oAuth response. How does the user log in? Sessions? In the case of YouTube, the user gives permission to make requests on his behalf not to the browser, but to the backend (here I see a minus - an additional load on the backend, which here acts as a proxy. I see no reason to put it between the browser and YouTube if the browser and YouTube can communicate directly and, when done, the browser can send a summary of the work to the backend in one request).
3. Make authentication from the backend, and leave YouTube on the frontend. If this is a normal option, how to build this structure? Pass the token received after authentication from the backend to the frontend, and in the frontend expand the scope of the token to gain access to YouTube? Or don't pass the token, but just tell the user "give me permission to access your YouTube data"?
Please help. It's time to connect Google \ YouTube to the SPA, and I don't know which way to get close.
I want to do this whole construction on Vue (it's time to connect Google \ YouTube) + Django (it's time to understand how to do authentication, i.e. registration \ login) + GraphQL (still at the beginning of the path, because I got carried away by Vue, I really liked it).

1 answer(s)
Alexander Litvinenko, 2017-12-27
@edli007

And then you ask the supplier for the data you need using the usual API, passing the token with the request.
If the token matches the required access rights, then you get them.
From the decade to the front, send data by web sockets.
Knock with viber\skype, I'll show you the source code.
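
As an added example that is not part of the thread: one way a backend can handle a token the SPA sends it, asking the provider about the token and then registering or logging in the user. It assumes Google's tokeninfo endpoint, a placeholder client ID and a dict in place of the users table; the `aud` check goes beyond what the answer mentions.

```python
import json
import urllib.parse
import urllib.request

# Assumptions (not from the thread): Google's tokeninfo endpoint, a placeholder
# client ID, and a plain dict standing in for the users table.
TOKENINFO_URL = "https://oauth2.googleapis.com/tokeninfo"
OUR_CLIENT_ID = "EXAMPLE-CLIENT-ID.apps.googleusercontent.com"  # placeholder


def fetch_tokeninfo(access_token):
    """Ask the provider whom this token represents and which app it was issued to."""
    query = urllib.parse.urlencode({"access_token": access_token})
    with urllib.request.urlopen(f"{TOKENINFO_URL}?{query}", timeout=5) as resp:
        return json.load(resp)


def login_with_token(access_token, users, fetch=fetch_tokeninfo):
    """Return (user, created) for a token sent by the SPA, or raise PermissionError."""
    try:
        info = fetch(access_token)
    except (OSError, ValueError) as exc:  # dead tokens come back as an HTTP error
        raise PermissionError("provider rejected the token") from exc
    # The token must have been issued to this application; otherwise a token
    # that some other site obtained for the same user would be accepted here.
    if info.get("aud") != OUR_CLIENT_ID:
        raise PermissionError("token was issued to a different client")
    if int(info.get("expires_in", 0)) <= 0:
        raise PermissionError("token has expired")
    sub = info.get("sub")
    if not sub:
        raise PermissionError("token carries no user identity")
    # Key the account on the provider's stable user id taken from the provider's
    # response, never on id / mail / name fields supplied by the browser.
    created = sub not in users
    if created:
        users[sub] = {"google_sub": sub, "email": info.get("email")}
    return users[sub], created
```

Once this returns, the backend issues its own session to the SPA, so the provider token only has to be valid at the moment of login.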
