From 4a19830f6ca346cf048bf71cc48b7ada5e724399 Mon Sep 17 00:00:00 2001 From: Ste Vaidis Date: Sun, 15 Dec 2024 19:32:05 +0200 Subject: [PATCH] Update OAuth2-Front-Approach.md --- OAuth2-Front-Approach.md | 43 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/OAuth2-Front-Approach.md b/OAuth2-Front-Approach.md index ba0a891..8ae234b 100644 --- a/OAuth2-Front-Approach.md +++ b/OAuth2-Front-Approach.md @@ -403,16 +403,20 @@ const fetchUserData = async (accessToken) => {


+ + + + # 5. Refresh the Token ### Frontend ⇢ Backend ⇢ Google ⇢ Backend ⇢ Frontend
-If the access token is expired, the frontend will receive an error response from Google when attempting to fetch user data +If the access token is expired, the frontend will receive a response error from Google when attempting to fetch user data
-

HTTP GET Request from Frontend to Google

+

HTTP GET Request from Frontend to Google (with expires token)

```bash GET https://www.googleapis.com/oauth2/v3/userinfo @@ -435,14 +439,47 @@ Authorization: Bearer ACCESSTOKEN6zXZkHi2XITkDoOVACCESSTOKEN
-

HTTP POST Refresh token from Frontend to Backend

+

HTTP POST Request from Frontend to Backend (with refresh token)

```bash +POST /api/refresh-token HTTP/1.1 +Host: your-backend-domain.com +Content-Type: application/json +Authorization: Bearer (optional, depends on the backend) +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 +Accept: application/json +Origin: https://your-frontend-domain.com +Connection: keep-alive +Content-Length: 57 +{ + "refresh_token": "REFRESHTOKEN6zXZkHi2XITkDoOVREFRESHTOKEN" +} ```
+ +
+

HTTP POST Response from Backend to Frontend (with new access token)

+ +```json +HTTP/1.1 200 OK +Content-Type: application/json +Content-Length: 123 +Cache-Control: no-store +Pragma: no-cache + +{ + "access_token": "new-access-token-here", + "expires_in": 3600, + "token_type": "bearer" +} +``` + +
+ +

Frontend Code
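
Review bot: In the first hunk (@@ -403,16 +403,20 @@) the new summary line reads "HTTP GET Request from Frontend to Google (with expires token)"; that should be "expired token". The reworded sentence "will receive a response error from Google" is also less clear than the "an error response" wording it replaces, so consider keeping the original phrasing.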
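
Review bot: In the second hunk (@@ -435,14 +439,47 @@) the POST /api/refresh-token example has the browser send the refresh token in the JSON body while the only caller authentication shown is "Authorization: Bearer (optional, depends on the backend)", so as documented the refresh token string alone is enough to obtain a new access token. Suggest stating where the frontend keeps the refresh token and what the backend requires from the caller before it answers, or documenting a variant where the refresh token stays on the backend and never reaches page script. Smaller points in the same hunk: the request has no blank line between "Content-Length: 57" and the opening "{", both Content-Length values should be checked against the bodies shown, and the fences are tagged bash and json although each contains a raw HTTP message.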