From 5747b4078a40fab22d6c454a1619fde2dd1e7aa7 Mon Sep 17 00:00:00 2001 From: Ste Vaidis Date: Tue, 7 Jan 2025 13:38:28 +0200 Subject: [PATCH] Update OAuth2-Backend-Approach.md --- OAuth2-Backend-Approach.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/OAuth2-Backend-Approach.md b/OAuth2-Backend-Approach.md index e8cda69..d5a427d 100644 --- a/OAuth2-Backend-Approach.md +++ b/OAuth2-Backend-Approach.md @@ -20,7 +20,7 @@ A way for the `user` to tell `google` to give an access to `xorismesiti.gr` app 1. Get Code 1. Front **GET** to Google `https://accounts.google.com/o/oauth2` with callback url - 3. Google **302** to Back `https://xorismesiti.gr/api/auth/callback` with authorization code + 2. Google **302** to Back `https://xorismesiti.gr/api/auth/callback` with authorization code 2. Exchange Code with Token @@ -41,6 +41,9 @@ A way for the `user` to tell `google` to give an access to `xorismesiti.gr` app # 1. Get Code +1. Front **GET** to Google `https://accounts.google.com/o/oauth2` with callback url +2. Google **302** to Back `https://xorismesiti.gr/api/auth/callback` with authorization code + ### Front **GET** to Google ```sh @@ -63,8 +66,15 @@ Content-Length: 0 *Security: the state string should be validated upon receiving the response from Google, as it ensures that the response corresponds to the request.* + + + # 2. Exchange Code with Token +1. Back **POST** the `code` to Google `https://oauth2.googleapis.com/token` +2. Google **response** to Back with an `access_token` and a `refresh token` +3. Back **response** to Front with the `access_token` in a `cookie` + ### 1. Back **POST** the `code` to Google The Backend **POST** to Google @@ -126,9 +136,7 @@ app.get('/auth/google/callback', async (req, res) => { }); ``` - - - +# 3. Use Token ```js import React, { useState, useEffect } from 'react';
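Review bot: in the hunk at `@@ -41,6 +41,9 @@`, the two steps added under `# 1. Get Code` leave out the `state` value, although the security note later in the same section says the state string should be validated when Google's response arrives. Suggest extending step 1 to "with callback url and `state`" and step 2 to say that Back checks `state` before it uses the authorization code. These two lines are also a verbatim copy of the overview list that the first hunk renumbers, so a later correction has to be made in both places; consider keeping one copy and referring to it from the other.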
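Review bot: in the hunk at `@@ -63,8 +66,15 @@`, step 3 of the new list under `# 2. Exchange Code with Token` hands the `access_token` to Front in a cookie without naming any cookie attributes. Say in that step that the cookie is set with `HttpOnly`, `Secure` and a `SameSite` value, so the token is not readable from page script and is not sent over plain HTTP, and add a line on what Back does with the refresh token it receives in step 2. Step 2 also writes `refresh token` with a space next to `access_token`; use `refresh_token` so both match. The three empty `+` lines before the heading only add whitespace and can be dropped.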
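Review bot: in the hunk at `@@ -126,9 +136,7 @@`, the new `# 3. Use Token` heading runs straight into the React code block, while this same patch gives `# 1. Get Code` and `# 2. Exchange Code with Token` a numbered step summary under the heading. Add the matching steps here (which request Front makes to Back and how the cookie from section 2, step 3 travels with it), and check that the overview list at the top of the file has a corresponding `3. Use Token` entry.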