Update OAuth2-Backend-Approach.md

OAuth2-Backend-Approach.md

@@ -25,15 +25,15 @@ A way for the `user` to tell `google` to give an access to `myapp` app
 2. Exchange Code with Token
 
     1. Backend **POST** the `code` to Google `https://oauth2.googleapis.com/token`
-    2. Google **response** to Backend with an `access_token` and a `refresh token`
+    2. Google **Response** to Backend with an `access_token` and a `refresh token`
-    3. Backend **redirect** to Frontend `https://myapp/auth/success` with the `access_token` in a `cookie`
+    3. Backend **Redirect** to Frontend `https://myapp/auth/success` with the `access_token` in a `cookie`
 
 3. Use Token
 
     1. Frontend **GET** profile data from Backend `https://myapp/api/auth/profile` using the `cookie`
-    2. Backend **GET** profile data from Google `https://www.googleapis.com/oauth2/v3/userinfo` using the `access_token` from Frontend `cookie`
+    2. Backend **GET** profile data from Google `https://www.googleapis.com/oauth2/v3/userinfo` using the `access_token`
-    3. Google **response** to Backend with profile data
+    3. Google **Response** to Backend with profile data
-    4. Backend **response** to Frontend with profile data
+    4. Backend **Response** to Frontend with profile data
 
 <br><br><br>
 
@@ -132,7 +132,7 @@ Set-Cookie: access_token=ya29.a0AfH6SMC8Op6zkVX-VoA; HttpOnly; Secure; Max-Age=3
   <p>1. Recieves authorization code from Google</p><br>
   <p>2. POST send the authorization code to https://oauth2.googleapis.com/token</p><br>
   <p>3. POST response the access & refresh tokens</p><br>
-  <p>4. Respond the Fronend initial request with a cookie contains the access token</p><br>
+  <p>4. Redirect to Fronend success page with a cookie contains the access token</p><br>
 
 </summary>
 
@@ -144,7 +144,7 @@ app.get('/callback', async (req, res) => {
     // 1. Get the authorization code from Google's redirect
     const { code } = req.query;
     
-    // 2. Exchange the code for tokens
+    // 2. POST the authorization code to Google
     const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
       method: 'POST',
       headers: {
@@ -159,21 +159,18 @@ app.get('/callback', async (req, res) => {
       }),
     });
     
+    // 3. Get Response tokens from Google
     const { access_token, refresh_token } = await tokenResponse.json();
     
-    // 3. Set the HTTP-only cookie with the access token
+    // 4. Redirect to Fronend success page with a cookie contains the access token
     res.cookie('access', access_token, {
       httpOnly: true,              // Cannot be accessed by client-side JavaScript
       secure: true,                // Only sent over HTTPS
       sameSite: 'strict',          // CSRF protection
       maxAge: 24 * 60 * 60 * 1000, // 24 hours
     });
-    
-    // 4. Store refresh token securely in database (recommended)
-    // await db.storeRefreshToken(user_id, refresh_token);
-    
-    // 5. Redirect back to frontend
     res.redirect('https://myapp/authentication-success');
+
   } catch (error) {
     res.redirect('https://myapp/authentication-error');
   }