1.7 KiB
1. Authorization Request (User Initiates Login)
A user clicks on the Login with Google button on the the app xorismesiti.gr.
The app request permission to access certain Google APIs (like the user's email, profile, etc.).
GET https://accounts.google.com/o/oauth2/v2/auth?
response_type=code&
client_id=YOUR_GOOGLE_CLIENT_ID&
redirect_uri=https://xorismesiti.gr/callback&
scope=email%20profile&
state=xyz123
response_type=code: This indicates you're using the "authorization code" flow.client_id: Your Google API client ID.redirect_uri: The URI Google will redirect to after the user consents.scope: The permissions you're requesting (e.g., email, profile).state: A random string to protect against CSRF attacks.
2. User Login and Consent
-
The user is redirected to Google's login page.
-
If they're not already logged in, they will be prompted to enter their Google credentials.
-
After successful login, the user will be shown a consent screen where they can grant or deny permission for your app to access their Google account (e.g., email and profile information).
User Action: The user clicks "Allow" to grant access.
3. Authorization Code Response (Google Redirects to Your Platform)
Google redirects the user back to your platform's redirect_uri https://xorismesiti.gr/callback with an authorization_code in the query parameters.
URL: https://xorismesiti.gr/callback
HTTP Method: GET
Parameters:
code: The authorization code sent by Google.
state: The same state value sent in the original request (for CSRF protection).
GET https://xorismesiti.gr/callback?
code=4/0AX4XfWgNmGZVbV7Kdr8Q9yVyzIYBnbbBdLfX39ZaE8m0w8zT8jKRLl7w-uT8k7WiyLg0Q&
state=xyz123