# 1. Authorization Request (User Initiates Login)

A user clicks on the **Login with Google** button on the the app `xorismesiti.gr`.

The app request permission to access certain Google APIs (like the user's email, profile, etc.).

```sh
GET https://accounts.google.com/o/oauth2/v2/auth?
    response_type=code&
    client_id=YOUR_GOOGLE_CLIENT_ID&
    redirect_uri=https://xorismesiti.gr/callback&
    scope=email%20profile&
    state=xyz123
```

- `response_type=code`: This indicates you're using the "authorization code" flow.
- `client_id`: Your Google API client ID.
- `redirect_uri`: The URI Google will redirect to after the user consents.
- `scope`: The permissions you're requesting (e.g., email, profile).
- `state`: A random string to protect against CSRF attacks.

# 2. User Login and Consent

- The user is redirected to Google's login page.

- If they're not already logged in, they will be prompted to enter their Google credentials.

- After successful login, the user will be shown a consent screen where they can grant or deny permission for your app to access their Google account (e.g., email and profile information).

**User Action**: The user clicks "Allow" to grant access.

# 3. Authorization Code Response (Google Redirects to Your Platform)

Google redirects the user back to your platform's redirect_uri `https://xorismesiti.gr/callback` with an authorization_code in the query parameters.

```sh
GET https://xorismesiti.gr/callback?
    code=4/0AX4XfWgNmGZVbV7Kdr8Q9yVyzIYBnbbBdLfX39ZaE8m0w8zT8jKRLl7w-uT8k7WiyLg0Q&
    state=xyz123
```

- `URL`: https://xorismesiti.gr/callback
- `HTTP` Method: GET
- `Parameters`:
    - `code`: The authorization code sent by Google.
    - `state`: The same state value sent in the original request (for CSRF protection).