stevaidis/dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update OAuth2.md

Browse Source
This commit is contained in:
Ste Vaidis 2024-12-15 14:53:13 +02:00
parent 49c05063b2
commit 92e11e2c45
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
OAuth2.md
View File

@ -180,10 +180,10 @@ export default Callback;
# 3. [Backend] Exchange Code with Token
1. The backend **receives** the `code` from the frontend (a POST on `xorismesiti.gr/api/auth/exchange-token` with the authorization `code`)
2. The backend **sends** `code` to Google (makes a `POST` request to Google token endpoint to send the authorization `code`)
3. The Google API responses to POST with tokens `access_token` and `refresh_token`
4. The backend **sends** tokens to frontend (at POST respond on `xorismesiti.gr/api/auth/exchange-token`)
1. The backend **receives** the authorization `code` form frontend (Frontend POST at `xorismesiti.gr/api/auth/exchange-token`)
2. The backend **POST** Authorization `code` to Google API
3. The Google API respond to backend POST with the tokens `access_token` and `refresh_token`
4. The backend **respond** to frontend with the tokens (respond to frontend POST at `xorismesiti.gr/api/auth/exchange-token`)
*Security: The backend never expose the client_secret to the frontend. This step should always be handled on the backend.*