Session management in web server (FastAPI)

Im about to create a game server with FastAPI, it will be a turn-based cardgame, so no need for realtime solution. I need to manage mathchmaking and session handling, also i plan to use FastAPI’s security solution and handle authentication(maybe authorization as well) with Oauth2+JWT tokens. So my questions are about these topics.

1. Is there any library fit for session management purpose?

2a. If i write the session management by myself, what practice, solution should i follow?

2b. Being totally new for web server writing im thinking about using the tokens(after authentication) to identify users when a request is made and create “rooms”, so at the beginning, everyone would be in the lobby. But when a match is made a new “room” would be created with some random ID and as long the match is running the identified user request would be processed through/by that “match room”. Does this sound proper/viable?

3. Is using the tokens a good practice for identifying the users?