- Configured CORS middleware to allow cross-origin requests from the frontend. - Implemented Google OAuth2 login flow and post-auth frontend redirection. - Managed secure HTTP-only cookies for access, refresh, and state tokens.