When doing cross platform authentication, you can get an ID token from your Android app using the GoogleApiClient, which you can give to your backend server. The server will then first verify the token using the following url:
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123
If the token is properly signed and the iss and exp claims have the expected values, you will get a HTTP 200 response, where the body contains the JSON-formatted ID token claims. Here's an example response:
{
 "iss": "https://accounts.google.com",
 "sub": "110169484474386276334",
 "azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
 "email": "[email protected]",
 "at_hash": "X_B3Z3Fi4udZ2mf75RWo3w",
 "email_verified": "true",
 "aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
 "iat": "1433978353",
 "exp": "1433981953"
}
What does all these fields mean aside from email?
Claims contains a set of name/value pairs
See: https://developers.google.com/identity/protocols/OpenIDConnect for more details.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With