From fd93c1d114273744e7813dc826a7501e6785cebc Mon Sep 17 00:00:00 2001 From: Ste Vaidis Date: Sun, 15 Dec 2024 12:05:20 +0200 Subject: [PATCH] Update OAuth2.md --- OAuth2.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/OAuth2.md b/OAuth2.md index 2582dd9..494aafb 100644 --- a/OAuth2.md +++ b/OAuth2.md @@ -5,12 +5,12 @@ A way for the `user` to tell `google` to give an access token to `xorismesiti.gr ### OAuth2 Flow: 1. **User clicks** "Login with Google" on your platform `xorismesiti.gr` -2. **Authorization Request**: Redirect to Google's authorization endpoint `accounts.google.com/o/oauth2`, requesting the user's data +2. **Authorization Request**: Redirect to Google's authorization endpoint `accounts.google.com/o/oauth2` 3. **User Login and Consent**: User login to Google and grants permissions. -4. **Authorization Code Response**: Google redirects back to your platform `xorismesiti.gr/callback` with an authorization `code`. -5. **Access Token Request**: Exchange the authorization `code` for an `access_token`. -6. **Access Protected Resources**: Use the `access_token` to fetch the user's Google profile and email from `googleapis.com/oauth2` -7. **Token Refresh** (Optional): If the `access_token` expires, use the `refresh token` to get a new `access_token`. +4. **Authorization Code Response**: Google redirects back to your app `xorismesiti.gr/callback` with an authorization `code`. +5. **Access Token Request**: App exchanges the authorization `code` for an `access_token`. +6. **Access Protected Resources**: App uses the `access_token` to fetch the user's Google profile and email from `googleapis.com/oauth2` +7. **Token Refresh** (Optional): If the `access_token` expires, app uses the `refresh token` to get a new `access_token`. ### Summary of Tasks Split Across Frontend and Backend: