Update OAuth2-Backend-Approach.md

OAuth2-Backend-Approach.md

@@ -20,7 +20,7 @@ A way for the `user` to tell `google` to give an access to `xorismesiti.gr` app
 1. Get Code
 
     1. Front **GET** to Google `https://accounts.google.com/o/oauth2` with callback url
-    3. Google **302** to Back `https://xorismesiti.gr/api/auth/callback` with authorization code
+    2. Google **302** to Back `https://xorismesiti.gr/api/auth/callback` with authorization code
 
 2. Exchange Code with Token
 
@@ -41,6 +41,9 @@ A way for the `user` to tell `google` to give an access to `xorismesiti.gr` app
 
 # 1. Get Code
 
+1. Front **GET** to Google `https://accounts.google.com/o/oauth2` with callback url
+2. Google **302** to Back `https://xorismesiti.gr/api/auth/callback` with authorization code
+
 ### Front **GET** to Google
 
 ```sh
@@ -63,8 +66,15 @@ Content-Length: 0
 
 *Security: the state string should be validated upon receiving the response from Google, as it ensures that the response corresponds to the request.*
 
+
+
+
 # 2. Exchange Code with Token
 
+1. Back **POST** the `code` to Google `https://oauth2.googleapis.com/token`
+2. Google **response** to Back with an `access_token` and a `refresh token`
+3. Back **response** to Front with the `access_token` in a `cookie`
+
 ### 1. Back **POST** the `code` to Google
 
 The Backend **POST** to Google
@@ -126,9 +136,7 @@ app.get('/auth/google/callback', async (req, res) => {
 });
 ```
 
-
+# 3. Use Token
-
-
 
 ```js
 import React, { useState, useEffect } from 'react';