How to process the access token response received from Google OpenID Connect service?

After Google OpenID Connect service receives an access token request from your Web server script, it will process the request and returns the access token response directly.

In order for your Web server script to process the access token response, you need to have a good understanding of the access token response.

Here is an example of Google OpenID Connect access token response,

{
  "access_token": "ya29.GlycBnoWhm7WAwcWy...",
  "expires_in": 3559,
  "scope": 
"https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.email",
  "token_type": "Bearer",
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6I..."
}

The "id_token" value is actually the "id_token" defined in RFC 7519 - JWT (JSON Web Token).

If there is any issue with the access token request, you will receive an error response like this:

{
  "error": "invalid_grant",
  "error_description": "Bad Request"
}

If an error response is received, your server side script should display an error Web page to the end user, so he/she can try to sign on again.

⇒ Google OpenID Connect Access Token Request Test Page

⇐ Process Google OpenID Connect Access Token Request

⇑ Google OpenID Connect Integration

⇑⇑ OpenID Tutorials