What is the Google OpenID Connect Access Token Request?

If you want to implement the authentication code flow, also called server flow, to integrate your application with Google OpenID Connect, you need to have a good understanding of the Google OpenID Connect access token request, which is the second call you have to make in the authentication code flow.

Here is an example of Google OpenID Connect access token request and its parameters:

POST /token HTTP/1.1
Host: oauth2.googleapis.com
Content-Type: application/x-www-form-urlencoded

code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7
&client_id=9150833677096-....apps.googleusercontent.com
&client_secret=JqQX2PNo9bpM0uEihUPzyrh
&redirect_uri=http%3A%2F%2Ffyicenter.com%3AopenID_receiver.php
&grant_type=authorization_code

Here are the parameters you need to provide:

• client_id - The Application ID you received from the Azure portal as presented in the previous tutorial.
• code - The authentication code received from the previous sign-on authentication request.
• redirect_uri - The same URL used in the previous sign-on authentication request. Google OpenID Connect service will use it to help validate the authentication code.
• grant_type - Specify "authorization_code" to receive "id_token".
• client_secret - A secret key created defined in Google OpenID Connect application ID registration.

Note that the end point for the access token request is different that the authentication request. You need to look it up from the metadata document.

Request          End Point

Authentication   https://accounts.google.com/o/oauth2/auth
Access Token     https://oauth2.googleapis.com/token      

⇒ Initiate Google OpenID Connect Access Token Request

⇐ Validate Google OpenID Connect id_token Signature

⇑ Google OpenID Connect Integration

⇑⇑ OpenID Tutorials