From 6ef8e13c709e2d96076a0f899d02174ce5ff38a4 Mon Sep 17 00:00:00 2001
From: Ste Vaidis <ste.vaidis@gmail.com>
Date: Sun, 15 Dec 2024 09:54:22 +0200
Subject: [PATCH] Update OAuth2.md

---
 OAuth2.md | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/OAuth2.md b/OAuth2.md
index d1868a7..d342f74 100644
--- a/OAuth2.md
+++ b/OAuth2.md
@@ -40,9 +40,40 @@ GET https://xorismesiti.gr/callback?
     state=xyz123
 ```
 
-- `URL`: https://xorismesiti.gr/callback
 - `HTTP` Method: GET
+- `URL`: https://xorismesiti.gr/callback
 - `Parameters`:
     - `code`: The authorization code sent by Google.
     - `state`: The same state value sent in the original request (for CSRF protection).
 
+
+# 4. Access Token Request (Exchange Authorization Code for Token)
+
+Now that your platform has the authorization code, 
+
+it sends a POST request to Google's token endpoint 
+
+to exchange the authorization code for an access token and refresh token.
+
+- `HTTP` Method: POST
+- `URL`: https://oauth2.googleapis.com/token
+- `Headers`:
+    - `Content`-Type: application/x-www-form-urlencoded
+- `Body` Parameters:
+    - `grant_type`=authorization_code: This specifies the grant type.
+    - `code`: The authorization code you received in the previous step.
+    - `redirect_uri`: The same redirect URI used in the authorization request.
+    - `client_id`: Your Google API client ID.
+    - `client_secret`: Your Google API client secret (which should be kept secure).
+
+
+```sh
+POST https://oauth2.googleapis.com/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=authorization_code&
+code=4/0AX4XfWgNmGZVbV7Kdr8Q9yVyzIYBnbbBdLfX39ZaE8m0w8zT8jKRLl7w-uT8k7WiyLg0Q&
+redirect_uri=https://xorismesiti.gr/callback&
+client_id=YOUR_GOOGLE_CLIENT_ID&
+client_secret=YOUR_GOOGLE_CLIENT_SECRET
+```
\ No newline at end of file