diff --git a/README.md b/README.md
index cf32509..6573622 100644
--- a/README.md
+++ b/README.md
@@ -58,6 +58,61 @@ this.$gAuth.getAuthCode()
 })
 ```
 
+### Backend-side(Golang)
+```go
+auth_code := ac.Code //from front-end side
+// generate a config of oauth
+conf := &oauth2.Config{
+	ClientID:     "XXXXXXXX",
+	ClientSecret: "XXXXXXXX",
+	RedirectURL:  "postmessage",
+	Scopes: []string{
+		"profile",
+		"email",
+		"https://www.googleapis.com/auth/plus.login",
+	},
+	Endpoint: "XXXXXX",
+}
+// exchange to token inclued refresh_token from code
+token, err = conf.Exchange(oauth2.NoContext, auth_code)
+if err != nil {
+	sErr := NewStatusErr(401, err.Error(), "Unauthorized")
+	return nil, &sErr
+}
+```
+Note, ```RedirectURL``` must be ```postmessage```!!
+
+### Backend-side(Python)
+```python
+# more info at https://developers.google.com/identity/sign-in/web/server-side-flow?authuser=1
+from apiclient import discovery
+import httplib2
+from oauth2client import client
+
+# (Receive auth_code by HTTPS POST)
+
+
+# If this request does not have `X-Requested-With` header, this could be a CSRF
+# if not request.headers.get('X-Requested-With'):
+#    abort(403)
+
+# Set path to the Web application client_secret_*.json file you downloaded from the
+# Google API Console: https://console.developers.google.com/apis/credentials
+CLIENT_SECRET_FILE = '/path/to/client_secret.json'
+
+# Exchange auth code for access token, refresh token, and ID token
+credentials = client.credentials_from_clientsecrets_and_code(
+    CLIENT_SECRET_FILE,
+    ['https://www.googleapis.com/auth/drive.appdata', 'profile', 'email'],
+    auth_code)
+
+# Get profile info from ID token
+userid = credentials.id_token['sub']
+email = credentials.id_token['email']
+```
+
+
+
 ## Usage - Directly get back the `access_token` and `id_token` or use api request
 
 ```javascript