Update OAuth2.md

OAuth2.md

@@ -77,3 +77,30 @@ redirect_uri=https://xorismesiti.gr/callback&
 client_id=YOUR_GOOGLE_CLIENT_ID&
 client_secret=YOUR_GOOGLE_CLIENT_SECRET
 ```
+
+# 5. Access Token Response (Google Returns Tokens)
+
+Google validates the request 
+
+and returns a response with the access token (which can be used to access the user's Google resources) 
+
+and optionally, a refresh token (which can be used to refresh the access token when it expires).
+
+```json
+{
+    "access_token": "ya29.a0AfH6SMC8Op6zXZkHi2XITkDoOVzYXt3hTY6sny54UlWlxrnKlX5Xv78is7BEHekVX-VoA",
+    "token_type": "Bearer",
+    "expires_in": 3600,
+    "refresh_token": "1//04d5XHqmn6Hdy3wTf5OYDP1SyBa74zEFURjddQ2A1cFw78PY13pQyWhlD2A6XhDQtKlrjAqU4kS3vGdMvckw",
+    "scope": "email profile"
+}
+```
+
+- HTTP Method: 200 OK
+- Response Body:
+    - access_token: The access token used for accessing the user's resources (e.g., profile, email).
+    - token_type: Usually Bearer, indicating the type of token.
+    - expires_in: The lifetime of the access token in seconds (e.g., 3600 seconds = 1 hour).
+    - refresh_token: (Optional) The refresh token used to obtain a new access token when the current one expires.
+    - scope: The scope of access granted (e.g., email, profile).
+