From 1e5de60d1e8e33764a525ca0d4b055a8d7d53c9d Mon Sep 17 00:00:00 2001
From: Ste Vaidis <ste.vaidis@gmail.com>
Date: Sun, 15 Dec 2024 09:46:34 +0200
Subject: [PATCH] Update OAuth2.md

---
 OAuth2.md | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/OAuth2.md b/OAuth2.md
index c483632..3d5d12f 100644
--- a/OAuth2.md
+++ b/OAuth2.md
@@ -22,8 +22,26 @@ GET https://accounts.google.com/o/oauth2/v2/auth?
 
 # 2. User Login and Consent
 
--The user is redirected to Google's login page.
--If they're not already logged in, they will be prompted to enter their Google credentials.
--After successful login, the user will be shown a consent screen where they can grant or deny permission for your app to access their Google account (e.g., email and profile information).
+- The user is redirected to Google's login page.
 
-**User Action**: The user clicks "Allow" to grant access.
\ No newline at end of file
+- If they're not already logged in, they will be prompted to enter their Google credentials.
+
+- After successful login, the user will be shown a consent screen where they can grant or deny permission for your app to access their Google account (e.g., email and profile information).
+
+**User Action**: The user clicks "Allow" to grant access.
+
+# 3. Authorization Code Response (Google Redirects to Your Platform)
+
+Google redirects the user back to your platform's redirect_uri `https://xorismesiti.gr/callback` with an authorization_code in the query parameters.
+
+`URL`: https://xorismesiti.gr/callback
+`HTTP` Method: GET
+`Parameters`:
+`code`: The authorization code sent by Google.
+`state`: The same state value sent in the original request (for CSRF protection).
+
+```sh
+GET https://xorismesiti.gr/callback?
+    code=4/0AX4XfWgNmGZVbV7Kdr8Q9yVyzIYBnbbBdLfX39ZaE8m0w8zT8jKRLl7w-uT8k7WiyLg0Q&
+    state=xyz123
+```
\ No newline at end of file