From 26e6566b0138ead0f19d185b1431a8f0bb242394 Mon Sep 17 00:00:00 2001 From: Ste Vaidis Date: Sun, 15 Dec 2024 19:11:20 +0200 Subject: [PATCH] Update OAuth2-Front-Approach.md --- OAuth2-Front-Approach.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/OAuth2-Front-Approach.md b/OAuth2-Front-Approach.md index 5794d2f..66f3aca 100644 --- a/OAuth2-Front-Approach.md +++ b/OAuth2-Front-Approach.md @@ -279,7 +279,11 @@ app.listen(3000, () => { #### 2.3 Front -The frontend gets the tokens from the backend response, and saves them somewhere secure. Now its ready to use the tokens to get the user data from Google +The frontend gets the tokens from the backend response, + +and saves them in a cookie marked as `HTTP-only` and `Secure` + +Now its ready to use the tokens to get the user data from Google

HTTP Response from Backend to Frontend

@@ -298,6 +302,22 @@ The frontend gets the tokens from the backend response, and saves them somewhere +
+

Frontend Code:

+ +```js +// Set an HTTP-only, Secure cookie on the backend +res.cookie('access_token', accessToken, { + httpOnly: true, + secure: true, + maxAge: 3600000 // 1 hour expiry +}); +``` + +
+ + +
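Review bot: The rewritten prose in the first hunk (@@ -279) says the frontend "saves them in a cookie marked as `HTTP-only` and `Secure`", but an `HttpOnly` cookie is by definition one that client-side JavaScript cannot set or read; only the backend can set it via a `Set-Cookie` response header. Rephrase to "the backend sets the tokens in an `HttpOnly`, `Secure` cookie" and, since the frontend can then no longer read the token to send it to Google itself, state that subsequent calls for user data go through the backend (which reads the cookie and attaches the token). Also the sentence was split into three fragments separated by blank lines with no terminating punctuation, and "Now its ready" should read "Now it's ready".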
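Review bot: In the second hunk (@@ -298) the added block sits under the "Frontend Code:" heading, yet its own comment says "Set an HTTP-only, Secure cookie on the backend" and `res.cookie(...)` is the Express server-side API, so the snippet belongs in the backend section (2.2) or the heading should be corrected, otherwise readers will try to run server code in the browser. While here, add `sameSite: 'lax'` (or `'strict'`) to the options so the cookie is not sent on cross-site requests, which is the main way a cookie-held bearer token gets abused via CSRF; `httpOnly` and `secure` alone do not cover that. The `maxAge: 3600000` value is in milliseconds for Express, so the "1 hour expiry" comment is correct; consider deriving it from the token's `expires_in` rather than hard-coding it.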