From 92e11e2c45b7c49c2e6e742ad47be560762cc728 Mon Sep 17 00:00:00 2001
From: Ste Vaidis
Date: Sun, 15 Dec 2024 14:53:13 +0200
Subject: [PATCH] Update OAuth2.md
---
 OAuth2.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/OAuth2.md b/OAuth2.md
index 857580f..fcd86b6 100644
--- a/OAuth2.md
+++ b/OAuth2.md
@@ -180,10 +180,10 @@ export default Callback;
 # 3. [Backend] Exchange Code with Token
-1. The backend **receives** the `code` from the frontend (a POST on `xorismesiti.gr/api/auth/exchange-token` with the authorization `code`)
-2. The backend **sends** `code` to Google (makes a `POST` request to Google token endpoint to send the authorization `code`)
-3. The Google API responses to POST with tokens `access_token` and `refresh_token`
-4. The backend **sends** tokens to frontend (at POST respond on `xorismesiti.gr/api/auth/exchange-token`)
+1. The backend **receives** the authorization `code` form frontend (Frontend POST at `xorismesiti.gr/api/auth/exchange-token`)
+2. The backend **POST** Authorization `code` to Google API
+3. The Google API respond to backend POST with the tokens `access_token` and `refresh_token`
+4. The backend **respond** to frontend with the tokens (respond to frontend POST at `xorismesiti.gr/api/auth/exchange-token`)
 *Security: The backend never expose the client_secret to the frontend. This step should always be handled on the backend.*