Getting Google Sign-In Token using Postman

This guide walks through the steps required to obtain a Google Sign-In token (ID token and access token) using Postman for testing and development purposes.


Step 1: Set Up OAuth 2.0 Credentials in Google Cloud

  1. Go to Google Cloud Console.

  2. Create or select a project.

  3. Navigate to APIs & Services > Credentials.

  4. Click Create Credentials > OAuth client ID.

  5. Choose Web application.

  6. Set the authorized redirect URI to:

    https://oauth.pstmn.io/v1/callback
    
  7. Save and copy the Client ID and Client Secret.


Step 2: Configure OAuth 2.0 in Postman

In Postman:

  1. Go to the Authorization tab.

  2. Set Type to OAuth 2.0.

  3. Click Get New Access Token and fill out the form:

    • Token Name: GoogleSignInToken

    • Grant Type: Authorization Code

    • Callback URL: https://oauth.pstmn.io/v1/callback

    • Auth URL: https://accounts.google.com/o/oauth2/auth

    • Access Token URL: https://oauth2.googleapis.com/token

    • Client ID: <your-client-id>

    • Client Secret: <your-client-secret>

    • Scope: openid email profile

    • Client Authentication: Send as Basic Auth header

  4. Optional: Check Authorize using browser for easier Google sign-in.

  5. Click Get New Access Token and complete Google sign-in.


Step 3: Use the Tokens

  • After a successful login, Postman will display the token response.

  • You can view both the access_token and the id_token.

  • Use the id_token to authenticate users in your backend. The backend should validate the token before trusting its contents.

  • The access_token can be used for authorized calls to Google APIs.
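
The backend check behind "use id_token to authenticate users", as an added example that is not part of the original guide: it verifies the RS256 signature, then the iss, aud and exp claims. The names verify_id_token, sign_demo_token and DEMO_KEYS are hypothetical, and a constructed demo key stands in for Google's published signing keys so the code runs offline; a production backend would normally use a maintained library instead.

```python
import base64, hashlib, json, time

GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def expected_em(signed, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signed) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(signed).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_id_token(token, keys, client_id, now=None):
    """Return claims if valid, else raise ValueError. keys: kid -> (n, e)."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64d(h64)), json.loads(b64d(p64))
        alg, kid = header["alg"], str(header["kid"])
        sig = int.from_bytes(b64d(s64), "big")
        iss, aud, exp = str(claims.get("iss")), claims.get("aud"), int(claims["exp"])
    except Exception:
        raise ValueError("malformed token") from None
    if alg != "RS256" or kid not in keys:  # pin the algorithm, reject "none"
        raise ValueError("unexpected alg or unknown signing key")
    n, e = keys[kid]
    k = (n.bit_length() + 7) // 8
    em = expected_em(f"{h64}.{p64}".encode(), k)
    if sig >= n or pow(sig, e, n).to_bytes(k, "big") != em:
        raise ValueError("bad signature")
    if iss not in GOOGLE_ISSUERS:
        raise ValueError("wrong issuer")
    if aud != client_id:  # token was minted for a different application
        raise ValueError("wrong audience")
    if exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

_P, _Q, _E = 2**255 - 19, 2**256 - 2**32 - 977, 65537  # well-known public primes
DEMO_KEYS = {"demo-kid": (_P * _Q, _E)}

def sign_demo_token(claims):
    """Stand-in for Google: RS256-sign claims with the constructed demo key."""
    header = {"alg": "RS256", "kid": "demo-kid"}
    body = ".".join(b64e(json.dumps(x).encode()) for x in (header, claims))
    em = int.from_bytes(expected_em(body.encode(), 64), "big")
    s = pow(em, pow(_E, -1, (_P - 1) * (_Q - 1)), _P * _Q)
    return body + "." + b64e(s.to_bytes(64, "big"))
```

With a real token, keys would hold the (n, e) pairs from Google's published JWKS and client_id the Client ID created in Step 1.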


Troubleshooting

  • 404 Errors: Ensure URLs are exact (no trailing spaces or line breaks).

  • Redirect URI Mismatch: The callback in Postman must exactly match what’s registered in Google Console.

  • Invalid Client ID/Secret: Double-check credentials.

  • Token not received: Ensure scopes and grant type are correctly set.


Summary

This setup allows developers to simulate Google OAuth2 login flows directly in Postman for testing Google Sign-In and authorization flows. Once working here, the same can be applied in your application’s auth integration logic.

