diff --git a/OAuth2-Front-Approach.md b/OAuth2-Front-Approach.md
index 937fb02..3bee88c 100644
--- a/OAuth2-Front-Approach.md
+++ b/OAuth2-Front-Approach.md
@@ -9,10 +9,10 @@ A way for the `user` to tell `google` to give an access token to `xorismesiti.gr
 1. Frontend **Redirect** the user to Google's OAuth authorization endpoint `accounts.google.com/o/oauth2`
 2. Google **Redirect** the user back to `xorismesiti.gr/callback` including the authorization `code`
 3. Frontend **Send** the authorization `code` to the Backend
-4. Backend **exchange** the authorization `code` for an `access_token` and `refresh token`
-2. **fetch** user profile data from from `googleapis.com/oauth2` using the `access_token` 
-3. **Store** the `tokens` securely in session (front) or a database (back)
-4. **Refresh** the `access_token` if it expires
+4. Backend **Exchange** the authorization `code` for an `access_token` and `refresh token`
+5. Backend **Send** `access_token` and `refresh token` to Frontend
+6. Frontend **Store** `access_token` and `refresh token` to secure cookie
+7. Frontend **Use** `access_token` to get user data from Google
 
 <br><br><br>