From a633935bd6dcc510cbb22e15aca93bbe5140181a Mon Sep 17 00:00:00 2001 From: Ste Vaidis Date: Tue, 7 Jan 2025 15:08:54 +0200 Subject: [PATCH] Update OAuth2-Backend-Approach.md --- OAuth2-Backend-Approach.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/OAuth2-Backend-Approach.md b/OAuth2-Backend-Approach.md index 9653e5c..0764754 100644 --- a/OAuth2-Backend-Approach.md +++ b/OAuth2-Backend-Approach.md 
@@ -19,21 +19,21 @@ A way for the `user` to tell `google` to give an access to `xorismesiti.gr` app 1. Get Code - 1. Front **GET** to Google `https://accounts.google.com/o/oauth2` with callback url - 2. Google **302** to Back `https://xorismesiti.gr/api/auth/callback` with authorization code + 1. Frontend **GET** to Google `https://accounts.google.com/o/oauth2` with callback url + 2. Google **302** to Backend `https://xorismesiti.gr/api/auth/callback` with authorization code 2. Exchange Code with Token - 1. Back **POST** the `code` to Google `https://oauth2.googleapis.com/token` - 2. Google **response** to Back with an `access_token` and a `refresh token` - 3. Back **response** to Front with the `access_token` in a `cookie` + 1. Backend **POST** the `code` to Google `https://oauth2.googleapis.com/token` + 2. Google **response** to Backend with an `access_token` and a `refresh token` + 3. Backend **response** to Frontend with the `access_token` in a `cookie` 3. Use Token - 1. Front **GET** profile data from Back `https://xorismesiti.gr/api/auth/profile` using the `cookie` - 2. Back **GET** profile data from Google `https://www.googleapis.com/oauth2/v3/userinfo` using the `access_token` from Front `cookie` - 3. Google **response** to Back with profile data - 4. Back **response** to Front with profile data + 1. Frontend **GET** profile data from Backend `https://xorismesiti.gr/api/auth/profile` using the `cookie` + 2. Backend **GET** profile data from Google `https://www.googleapis.com/oauth2/v3/userinfo` using the `access_token` from Frontend `cookie` + 3. Google **response** to Backend with profile data + 4. Backend **response** to Frontend with profile data
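Review bot: In step 2.3 the renamed line still has the Backend hand Google's `access_token` to the Frontend in a `cookie` without saying how that cookie is protected. Since these lines are being touched anyway, state that the cookie is set with `HttpOnly`, `Secure` and `SameSite`, or have the Backend keep the token server-side and give the Frontend only a session identifier. Step 1.1 mentions only the callback url, so it is worth adding that the request carries a `state` value which the Backend verifies at `https://xorismesiti.gr/api/auth/callback` before the exchange in 2.1. Minor style point: 2.2 writes `refresh token` with a space next to `access_token`; use `refresh_token` for consistency, and say where the Backend keeps it, since nothing in steps 2 or 3 uses it.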