4. Fill out the same test domain and test app name as before
4. Fill out the same test domain and test app name as before
5. Save the ID and Secret to a place you won't forget (perhaps a .gitignored .env)
5. Save the ID and Secret to a place you won't forget (perhaps a .gitignored .env)
Update your signin page.
1. You need to put your default scopes (i.e. `profile email`) and client ID in the meta tag of your login page HTML. `profile` is the minimum scope and is always returned.
3. You can start off with the Google's sign in button, but you need your own `data-onsuccess` callback. You can also adjust the `data-scope` per button to include more stuff.
// Note: this is a special prototype-style instance object with few
// enumerable properties (which don't make sense). Requires API docs.
// See https://developers.google.com/identity/sign-in/web
console.log(goauth)
};
</script>
```
4. Despite the documentation stating that passing a token as a query is deprecated and to use the `Authorization` header, the inspect token URL only supports the query parameter: `GET https://oauth2.googleapis.com/tokeninfo?id_token=<token>`
- You can also validate the token with Google's public key