DEV Community

Justin Poehnelt
Justin Poehnelt

Posted on • Originally published at justin.poehnelt.com on

Verify a Google access token

A Google access token can be verified using the following command to an Oauth2 endpoint:

curl "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=$GOOGLE_ACCESS_TOKEN"
Enter fullscreen mode Exit fullscreen mode

The response will include the scope and additional information about the access token similar to the following for a service account access token:

{
  "issued_to": "1068863916064001234",
  "audience": "1068863916064001234",
  "user_id": "1068863916064001234",
  "scope": "https://www.googleapis.com/auth/userinfo.email openid",
  "expires_in": 3555,
  "email": "my-service-account@my-project.iam.gserviceaccount.com",
  "verified_email": true,
  "access_type": "online"
}
Enter fullscreen mode Exit fullscreen mode

Top comments (3)

Collapse
 
dileepamabulage profile image
Dileepa Mabulage

Isn't there an inbuilt function in google-auth-library in nodejs

Collapse
 
jpoehnelt profile image
Justin Poehnelt

Possibly, not everyone wants to pull in those libraries though.

Collapse
 
dileepamabulage profile image
Dileepa Mabulage • Edited

After 3 or 4 token info API requests it throws 400 responses. But the Google APIs are working with the same access token.