Securing separate web api using next-auth session

I buillt a WebApp using next-auth.js with Okta. I have a second Rest Api in c# (.net core) that I would like to protect, how may I use the same session?

Hi @Gabbou. Are you granting an access token to your users in your next-auth.js app? If I am understanding your use-case correctly, you should be able to validate against that access token (passed in your Authorization: Bearer <token> header) in your C# code with something like this:

It is a session token in next-auth.session-token, does it validate session token as well?
This session token is in a httpOnly cookie, so I cannot edit it from the client, but I can read it on me server