So in auth.ts i set up my jwt/session functions to set the bearer token im recieving

jwt({ token, trigger, session, account }) {
      if (trigger === "update") token.name = session.user.name
      if (account?.provider === "discord") {
        return { ...token, accessToken: account.access_token }
      }
      return token
    },
    async session({ session, token }) {
      
      if (token?.accessToken) {
        session.accessToken = token.accessToken
      }
      return session
    },

and then withing one of my react components im doing:

const session = await auth()
 
  // console.log(session)
  if (session && session.user && session.accessToken){
    
    await fetch(`http://localhost:3000/api/get-token`, {
      headers: { "Authorization":  `Bearer ${session?.accessToken}` }
    })
    // console.log(response)
    
  }

this code should be running on my server right? so does that mean that during this session the token is stored on the back end to and the user cant view it?