diff --git a/OAuth2.md b/OAuth2.md new file mode 100644 index 0000000..695d75e --- /dev/null +++ b/OAuth2.md @@ -0,0 +1,20 @@ + +# 1. Authorization Request (User Initiates Login) + +A user visits the app `xorismesiti.gr` and clicks on the **Login with Google** button. +The app will request permission to access certain Google APIs (like the user's email, profile, etc.). + +```sh +GET https://accounts.google.com/o/oauth2/v2/auth? + response_type=code& + client_id=YOUR_GOOGLE_CLIENT_ID& + redirect_uri=https://xorismesiti.gr/callback& + scope=email%20profile& + state=xyz123 +``` + +- `response_type=code`: This indicates you're using the "authorization code" flow. +- `client_id`: Your Google API client ID. +- `redirect_uri`: The URI Google will redirect to after the user consents. +- `scope`: The permissions you're requesting (e.g., email, profile). +- `state`: A random string to protect against CSRF attacks.
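Review bot: The `state` bullet at the end of the hunk calls it "A random string to protect against CSRF attacks", but the sample request hard-codes `state=xyz123`, a fixed and guessable value that contradicts the description. Suggest a placeholder in the same style as `YOUR_GOOGLE_CLIENT_ID`, for example `state=RANDOM_PER_REQUEST_VALUE`, and extending the bullet to say the value must be unguessable, generated for each authorization request, stored in the user's session, and compared against the `state` returned to `https://xorismesiti.gr/callback` before the code is used. Two smaller points: the request block is fenced as `sh` although it is an HTTP request and not a shell command, and the `redirect_uri` bullet could note that the value has to match a redirect URI registered for the client ID exactly.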