4. Fill out the same test domain and test app name as before
5. Save the ID and Secret to a place you won't forget (perhaps a .gitignored .env)
Update your signin page.
1. You need to put your default scopes (i.e. `profile email`) and client ID in the meta tag of your login page HTML. `profile` is the minimum scope and is always returned.
3. You can start off with the Google's sign in button, but you need your own `data-onsuccess` callback. You can also adjust the `data-scope` per button to include more stuff.
// Note: this is a special prototype-style instance object with few
// enumerable properties (which don't make sense). Requires API docs.
// See https://developers.google.com/identity/sign-in/web
console.log(goauth)
};
</script>
```
4. Despite the documentation stating that passing a token as a query is deprecated and to use the `Authorization` header, the inspect token URL only supports the query parameter: `GET https://oauth2.googleapis.com/tokeninfo?id_token=<token>`
- You can also validate the token with Google's public key