Update OAuth2.md

OAuth2.md

@@ -40,9 +40,40 @@ GET https://xorismesiti.gr/callback?
     state=xyz123
 ```
 
-- `URL`: https://xorismesiti.gr/callback
 - `HTTP` Method: GET
+- `URL`: https://xorismesiti.gr/callback
 - `Parameters`:
     - `code`: The authorization code sent by Google.
     - `state`: The same state value sent in the original request (for CSRF protection).
 
+
+# 4. Access Token Request (Exchange Authorization Code for Token)
+
+Now that your platform has the authorization code, 
+
+it sends a POST request to Google's token endpoint 
+
+to exchange the authorization code for an access token and refresh token.
+
+- `HTTP` Method: POST
+- `URL`: https://oauth2.googleapis.com/token
+- `Headers`:
+    - `Content`-Type: application/x-www-form-urlencoded
+- `Body` Parameters:
+    - `grant_type`=authorization_code: This specifies the grant type.
+    - `code`: The authorization code you received in the previous step.
+    - `redirect_uri`: The same redirect URI used in the authorization request.
+    - `client_id`: Your Google API client ID.
+    - `client_secret`: Your Google API client secret (which should be kept secure).
+
+
+```sh
+POST https://oauth2.googleapis.com/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=authorization_code&
+code=4/0AX4XfWgNmGZVbV7Kdr8Q9yVyzIYBnbbBdLfX39ZaE8m0w8zT8jKRLl7w-uT8k7WiyLg0Q&
+redirect_uri=https://xorismesiti.gr/callback&
+client_id=YOUR_GOOGLE_CLIENT_ID&
+client_secret=YOUR_GOOGLE_CLIENT_SECRET
+```