From 9a5a9549efd085a86909d151bcaeb6b03cf44e86 Mon Sep 17 00:00:00 2001
From: Ste Vaidis <ste.vaidis@gmail.com>
Date: Sun, 15 Dec 2024 12:13:37 +0200
Subject: [PATCH] Update OAuth2.md

---
 OAuth2.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/OAuth2.md b/OAuth2.md
index 4b9c273..c0ef593 100644
--- a/OAuth2.md
+++ b/OAuth2.md
@@ -87,7 +87,7 @@ const loginWithGoogle = () => {
 The frontend must not directly exchange the `code` for an `access_token`. Instead, it sends the `code` to the backend via an API request.
 
 <details>
-<summary><h3>Example Frontend Code</h3></summary>
+<summary><h3>Frontend Code</h3></summary>
 
 ```js
 // On the backend callback URL, the frontend receives the authorization code
@@ -138,6 +138,9 @@ export default Callback;
 3. The backend ensures to never expose the client_secret to the frontend. This step should always be handled on the backend.
 4. The backend will exchange the `code` for an `access_token` and `refresh_token`, which are sent back to the frontend or stored securely for subsequent API calls.
 
+<details>
+<summary><h3>HTTP Request</h3></summary>
+
 - `HTTP` Method: POST
 - `URL`: https://oauth2.googleapis.com/token
 - `Headers`:
@@ -160,6 +163,8 @@ client_id=YOUR_GOOGLE_CLIENT_ID&
 client_secret=YOUR_GOOGLE_CLIENT_SECRET
 ```
 
+</details>
+
 <details>
 <summary><h3>Example Backend Code:</h3></summary>