github-login | A React Component for GitHub Login | OAuth library

I have implemented passport with GitHub-Strategy. Here's the Glith. It works wonderfully and I'm receiving the user-profile on redirect from GitHub.

Now, I'm only trying to understand how this actually works 'under the hood'. I did not find any similar question here on stackoverflow, neither on Passport.

So if I open Chrome Developer Tools during the Auth-Flow, the following seems to be going on when I click on Login with GitHub:

1. the node route /auth/github is called
2. node redirects to https://github.com/login/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Frightful-exclusive-carriage.glitch.me%2Fauth%2Fgithub%2Fcallback&client_id=ccfcc73fac8223317176
3. the user is presented with GitHub-Login-Page
4. User types in GitHub-credentials and clicks 'Login'
5. GitHub checks the credentials
6. If valid credentials are provided, user is authenticated and GitHub redirects to the registered callback-endpoint, which is in my case: https://rightful-exclusive-carriage.glitch.me/auth/github/callback
7. The callback-url has a url-parameter, e.g. ?code=02337a951c242b9202fd. It's interesting to note, that it's a GET-method and nothing else is provided.
8. On the server, the passport.authenticate('github', ...) method is called inside of the /auth/github/callback-route.
9. When the GithubStrategy is instanciated, a callback-function is passed with the signature function(accessToken, refreshToken, profile, cb). Somehow magically, the accessToken and profile are fully available here. And I don't understand how this happens.

How is passport receiving the profile? Is node.js making a server-side call to GitHub? Maybe with the ?code= ?