How to get the access token from Google Sign-In Javascript SDK?

stickfigure picture stickfigure · Apr 21, 2015 · Viewed 19.6k times · Source

I have a simple single-page javascript webapp which uses "Google Sign-In for Websites": https://developers.google.com/identity/sign-in/web/sign-in

How can I get an access token for the user? I need a verifiable assertion of the user's identity on my server. I don't want offline access; I just want to know that when the web client sends an ajax request to my server, I can trust the identity of the logged-in user.

Answer

Scarygami picture Scarygami · Apr 21, 2015

For verification purposes it would be better to use the id_token which is part of the auth response, and can be retrieved at any point like this:

gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().id_token

The Google API Client libraries offer functions to verify the id_token and give you the associated user information on the server side: https://developers.google.com/api-client-library/