stevaidis/dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update OAuth2-Front-Approach.md

Browse Source
This commit is contained in:
Ste Vaidis 2024-12-15 18:59:10 +02:00
parent 6bd4d89180
commit 46ed7541d6
1 changed files with 15 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
OAuth2-Front-Approach.md
View File

@ -130,20 +130,6 @@ Content-Type: application/json
</details> </details>
<br><br>
#### 2.2 Backend
1. The backend **receives** the authorization `code` form the frontend POST at `xorismesiti.gr/api/auth/exchange-token`
2. The backend **POST** Authorization `code` to Google API
3. The Google API respond to backend POST with the tokens `access_token` and `refresh_token`
4. The backend **response** to frontends POST with the the tokens
*Security: The backend never expose the client_secret to the frontend. This step should always be handled on the backend.*
<br>
<details> <details>
<summary><h3>Frontend Code</h3></summary> <summary><h3>Frontend Code</h3></summary>
@ -186,6 +172,21 @@ export default Callback;
</details> </details>
<br><br>
#### 2.2 Backend
1. The backend **receives** the authorization `code` form the frontend POST at `xorismesiti.gr/api/auth/exchange-token`
2. The backend **POST** Authorization `code` to Google API
3. The Google API respond to backend POST with the tokens `access_token` and `refresh_token`
4. The backend **response** to frontends POST with the the tokens
*Security: The backend never expose the client_secret to the frontend. This step should always be handled on the backend.*
<br>
<details> <details>
<summary><h3>HTTP POST Request from Backend to Google</h3></summary> <summary><h3>HTTP POST Request from Backend to Google</h3></summary>