diff --git a/OAuth2.md b/OAuth2.md
index 2521f4d..80d2233 100644
--- a/OAuth2.md
+++ b/OAuth2.md
@@ -322,17 +322,31 @@ fetch('/api/user-profile', {
+
+
+
+
# 5. [Backend] Fetch User Data
-If you want to fetch the user profile data (e.g., from Google), your backend can use the `access_token` to request it from Google’s user info endpoint.
+With the access token obtained in the previous step,
+
+your platform can now use it to fetch the user's Google profile and email information.
+
+The token is included in the Authorization header of the request.
HTTP Request
-```bash
+```sh
GET https://www.googleapis.com/oauth2/v3/userinfo
-Authorization: Bearer access-token-from-backend
+Authorization: Bearer ya29.a0AfH6SMC8Op6zXZkHi2XITkDoOVzYXt3hTY6sny54UlWlxrnKlX5Xv78is7BEHekVX-VoA
```
+
+- URL: https://www.googleapis.com/oauth2/v3/userinfo
+- HTTP Method: GET
+- Headers:
+- Authorization: Bearer {access_token}: The access token obtained in step 5.
+
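Review bot: the added bullet `- Authorization: Bearer {access_token}: The access token obtained in step 5.` points at step 5, but it now sits under `# 5. [Backend] Fetch User Data` itself, so the reference is circular; it should name the token exchange step by its number in the new layout. That bullet also needs indenting under `- Headers:` to render as a child item. The request example replaces the placeholder `access-token-from-backend` with a token-shaped `ya29.` value; keep an obvious placeholder so that readers and secret scanners do not treat it as a live credential. The opening sentence is split across two paragraphs (`With the access token obtained in the previous step,` then `your platform can now use it to fetch ...`) and should be joined into one line, and `sh` is not an accurate fence language for a raw HTTP request.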
@@ -352,6 +366,8 @@ Authorization: Bearer access-token-from-backend
}
```
+
+
@@ -384,6 +400,9 @@ app.get('/api/user-profile', async (req, res) => {
+
+
+
# 6. [Backend] Token Expiry and Refresh (Optional)
If the access token expires,
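Review bot: the three blank lines added before `# 6. [Backend] Token Expiry and Refresh (Optional)` do nothing in rendered Markdown, which collapses consecutive blank lines, and the count differs from the four added before `# 5.` in the first hunk. A single blank line before each heading would keep the file consistent and the diff smaller.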
@@ -458,109 +477,3 @@ app.post('/api/auth/refresh-token', async (req, res) => {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```sh
-GET https://xorismesiti.gr/callback?
- code=4/0AX4XfWgNmGZVbV7Kdr8Q9yVyzIYBnbbBdLfX39ZaE8m0w8zT8jKRLl7w-uT8k7WiyLg0Q&
- state=xyz123
-```
-
-- `HTTP` Method: GET
-- `URL`: https://xorismesiti.gr/callback
-- `Parameters`:
- - `code`: The authorization code sent by Google.
- - `state`: The same state value sent in the original request (for CSRF protection).
-
-
-# 4. Access Token Request (Exchange Authorization Code for Token)
-
-Now your platform can use exchange the authorization code for an access token and refresh token.
-
-
-
-
-
-# 5. Access Token Response (Google Returns Tokens)
-
-1. Google validates the request
-2. and returns a response with the access token (which can be used to access the user's Google resources)
-3. and optionally, a refresh token (which can be used to refresh the access token when it expires).
-
-```json
-{
- "access_token": "ya29.a0AfH6SMC8Op6zXZkHi2XITkDoOVzYXt3hTY6sny54UlWlxrnKlX5Xv78is7BEHekVX-VoA",
- "token_type": "Bearer",
- "expires_in": 3600,
- "refresh_token": "1//04d5XHqmn6Hdy3wTf5OYDP1SyBa74zEFURjddQ2A1cFw78PY13pQyWhlD2A6XhDQtKlrjAqU4kS3vGdMvckw",
- "scope": "email profile"
-}
-```
-
-- HTTP Method: 200 OK
-- Response Body:
- - access_token: The access token used for accessing the user's resources (e.g., profile, email).
- - token_type: Usually Bearer, indicating the type of token.
- - expires_in: The lifetime of the access token in seconds (e.g., 3600 seconds = 1 hour).
- - refresh_token: (Optional) The refresh token used to obtain a new access token when the current one expires.
- - scope: The scope of access granted (e.g., email, profile).
-
-
-# 6. Access Protected Resources (Fetching User Profile Data)
-
-With the access token obtained in the previous step,
-
-your platform can now use it to fetch the user's Google profile and email information.
-
-The token is included in the Authorization header of the request.
-
-
-- URL: https://www.googleapis.com/oauth2/v3/userinfo
-- HTTP Method: GET
-- Headers:
-- Authorization: Bearer {access_token}: The access token obtained in step 5.
-
-
-**Request:**
-
-```sh
-GET https://www.googleapis.com/oauth2/v3/userinfo
-Authorization: Bearer ya29.a0AfH6SMC8Op6zXZkHi2XITkDoOVzYXt3hTY6sny54UlWlxrnKlX5Xv78is7BEHekVX-VoA
-```
-
-**Response**
-
-```json
-{
- "sub": "1234567890",
- "name": "John Doe",
- "given_name": "John",
- "family_name": "Doe",
- "profile": "https://plus.google.com/1234567890",
- "picture": "https://lh3.googleusercontent.com/a-/AOh14GgIXXl5JXzW0c1Szbl-e1Jch1vhl5rHhH65vlK6J5g5PqkGjj1O0p3t8bgVEOykQ6ykFSQ=s96",
- "email": "john.doe@example.com",
- "email_verified": true,
- "locale": "en"
-}
-```
-
-
-
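Review bot: the deleted callback section carried the only explanation visible in this diff of why `state` is checked (`The same state value sent in the original request (for CSRF protection)`), and the deleted `# 5. Access Token Response` section carried the per-field descriptions for `expires_in` and `refresh_token`; only the userinfo request text is re-added in the first hunk. Please confirm that the `state` check and the token response fields are documented in the retained sections before dropping these, or move those bullets rather than deleting them. Separately, the removed blocks contain token-shaped values for `code`, `access_token` and `refresh_token`; if any of them was ever a real credential, deleting the lines does not remove them from history, so they should be revoked.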