Update OAuth2-Backend-Approach.md

2025-01-08 09:44:02 +02:00 · 2025-01-08 09:44:02 +02:00 · 55ab14313b
commit 55ab14313b
parent 56fa9943b4
1 changed files with 9 additions and 0 deletions
--- a/OAuth2-Backend-Approach.md
+++ b/OAuth2-Backend-Approach.md
@ -141,10 +141,15 @@ Set-Cookie: access_token=ya29.a0AfH6SMC8Op6zkVX-VoA; HttpOnly; Secure; Max-Age=3
 ```js
 app.get('/callback', async (req, res) => {
  try {
+
+    //
    // 1. Get the authorization code from Google's redirect
+    //
    const { code } = req.query;
    
+    //
    // 2. POST the authorization code to Google
+    //
    const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
      method: 'POST',
      headers: {
@ -159,10 +164,14 @@ app.get('/callback', async (req, res) => {
      }),
    });
    
+    //
    // 3. Get Response tokens from Google
+    //
    const { access_token, refresh_token } = await tokenResponse.json();
    
+    //
    // 4. Redirect to Fronend success page with a cookie contains the access token
+    //
    res.cookie('access', access_token, {
      httpOnly: true,              // Cannot be accessed by client-side JavaScript
      secure: true,                // Only sent over HTTPS