Update OAuth2.md

OAuth2.md

@@ -12,21 +12,20 @@ A way for the `user` to tell `google` to give an access token to `xorismesiti.gr
 6. **Access Protected Resources**: Use the `access_token` to fetch the user's Google profile and email from `googleapis.com/oauth2`
 7. **Token Refresh** (Optional): If the `access_token` expires, use the `refresh token` to get a new `access_token`.
 
-
-
 ### Summary of Tasks Split Across Frontend and Backend:
 
 ***Frontend**
-1. Redirect the user to Google's OAuth authorization endpoint.
+1. **Redirect** the user to Google's OAuth authorization endpoint.
-2. Capture the authorization code after Google redirects back to the frontend.
+2. **Get** the authorization `code` after Google redirects back to the frontend.
-3. Send the authorization code to the backend for token exchange.
+3. **Send** the authorization `code` to the backend for `token` exchange.
 
 **Backend**
-1. Handle the token exchange (exchange the authorization code for an access token and refresh token).
+1. **exchange** the authorization `code` for an `access_token` and `refresh token`
-2. Optionally fetch user profile data from Google (or other resources) using the access token.
+2. **fetch** user profile data from Google (or other resources) using the `access_token`
-3. Store the tokens securely (in session or a database).
+3. **Store** the `tokens` securely (in session or a database).
-4. Provide a way to refresh the access token if it expires.
+4. **Refresh** the `access_token` if it expires.
-5. By splitting the OAuth flow this way, the sensitive details (like the client secret and token exchange) remain secure on the backend, while the frontend handles user interaction.
+
+
 
 
 # 1. [Frontend] Request Authorization code