From 0c73a3da15c1261e4b79d164ebcc735764ea4fc7 Mon Sep 17 00:00:00 2001 From: Ste Vaidis Date: Tue, 7 Jan 2025 12:48:13 +0200 Subject: [PATCH] Update OAuth2-Backend-Approach.md --- OAuth2-Backend-Approach.md | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/OAuth2-Backend-Approach.md b/OAuth2-Backend-Approach.md index 7f65793..5eee6b5 100644 --- a/OAuth2-Backend-Approach.md +++ b/OAuth2-Backend-Approach.md 
@@ -18,23 +18,22 @@ A way for the `user` to tell `google` to give an access to `xorismesiti.gr` app 1. Get Code - 1. Frontend **Redirect** the user to Google's OAuth authorization endpoint `https://accounts.google.com/o/oauth2` - 2. User **Login in** to Google and grant permissions - 3. Google **Redirect** the user back to callback url including the authorization code and a random_state_value `https://xorismesiti.gr/callback?code=ABCD&state=XYZ` + 1. Front **GET** to Google `https://accounts.google.com/o/oauth2` with callback url + 3. Google **302** to Front `https://xorismesiti.gr/callback` with authorization code 2. Exchange Code with Token - 1. Frontend **POST** the authorization `code` to the Backend - 2. Backend **POST** the authorization `code` to Google - 3. Google **response** to Backend with an `access_token` and a `refresh token` - 4. Backend **response** to Frontend with the `access_token` in a **cookie** + 1. Front **POST** the `code` to the Back `https://xorismesiti.gr/api/auth/exchange-token` + 2. Back **POST** the `code` to Google `https://oauth2.googleapis.com/token` + 3. Google **response** to Back with an `access_token` and a `refresh token` + 4. Back **response** to Front with the `access_token` in a `cookie` 3. Use Token - 1. Frontend **GET** profile data from Backend using the **cookie** - 2. Backend **GET** profile data from Google using the `access_token` from Frontend **cookie** - 3. Google **response** to Backend with profile data - 4. Backend **response** to Frontend with profile data + 1. Front **GET** profile data from Back using the `cookie` + 2. Back **GET** profile data from Google using the `access_token` from Front `cookie` + 3. Google **response** to Back with profile data + 4. Back **response** to Front with profile data

@@ -45,8 +44,6 @@ A way for the `user` to tell `google` to give an access to `xorismesiti.gr` app - - ### OAuth2 Standar Flow: 1. **User** clicks button "Login with Google" on your platform `xorismesiti.gr`
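Review bot: in the "Get Code" list of the first hunk the rewritten steps jump from `1.` to `3.`, and the dropped step `2` is the one where the user logs in to Google and grants permissions, so the consent step that the authorization code actually represents no longer appears in the flow. The removed line also carried `state=XYZ` in the callback URL (`https://xorismesiti.gr/callback?code=ABCD&state=XYZ`); the new `3. Google **302** to Front ... with authorization code` mentions only the code, so the random state value that binds the callback to the request the frontend started is gone from the description. Suggest renumbering the list, restoring the login/consent step, and keeping `state` in both the outgoing request and the callback URL. Minor: `Google **response** to Back` and `Back **response** to Front` (steps 2.3, 2.4, 3.3, 3.4) should read `responds`, and the previous wording "Redirect the user to Google's OAuth authorization endpoint" described step 1.1 more accurately than "Front **GET** to Google", since it is the user's browser that is sent to the authorization endpoint, not a request the frontend makes itself.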
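Review bot: the context line `### OAuth2 Standar Flow:` directly below the two blank lines this hunk removes has a typo in the heading; since the commit already touches that spot, change it to `### OAuth2 Standard Flow:` here rather than in a follow-up.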