How can I verify a Google authentication API access token?

Question

How can I verify a Google authentication access token?

I need to somehow query Google and ask: Is [given access token] valid for the [exampl

Answer 1

I need to somehow query Google and ask: Is this access token valid for example@example.com?

No. All you need is request standard login with Federated Login for Google Account Users from your API domain. And only after that you could compare "persistent user ID" with one you have from 'public interface'.

The value of realm is used on the Google Federated Login page to identify the requesting site to the user. It is also used to determine the value of the persistent user ID returned by Google.

So you need be from same domain as 'public interface'.

And do not forget that user needs to be sure that your API could be trusted ;) So Google will ask user if it allows you to check for his identity.