Biscuits

Reputation: 1807

What's the makeup of my access token from Google?

I've acquired the following access token through Google OAuth Playground.

ya29.Ci9aA2EirNhY3InpsLC2Q5ct1XZh2UL60oWWVmkMCBBUL0M-4oAAoigZCJ6O_a4geA

It does not appear to be a JWT (or JWS/JWE for that matter), because I would expect something like 3 segments. The first segment also seems too short to encode the token type.

I know the token must be legitimate, but I cannot for the life of me figure out what specification describes what I'm looking at.

What format is this thing?

Upvotes: 0

Views: 289

Answers (2)

Alex Marculescu

Reputation: 5770

How exactly are you obtaining that token?

Using Google's Sign-In button template to initialize the login and permission-grant process like so gives me a JWT (the idToken):

<meta name="google-signin-client_id" content="{{ OAUTH2_CLIENT_ID }}">

<script src="https://apis.google.com/js/platform.js?onload=onLoad" async defer></script>

<div id="google-signin-button"
     class="g-signin2"
     data-width="170"
     data-height="30"
     data-onsuccess="onSignIn"
     data-onfailure="onSignInFailure">
</div>

function onSignIn(googleUser) {
    var profile = googleUser.getBasicProfile();
    var idToken = googleUser.getAuthResponse().id_token;
}

Upvotes: 0

Kevin Christopher Henry

Reputation: 48952

The OAuth 2.0 specification says that:

"An access token is a string representing an authorization issued to the client. The string is usually opaque to the client."

That is, you should generally not expect to know the format or get any other useful information out of the token.

Of course, it's certainly possible for Google to use JWT or some other container format for the token, but I don't see any indication that that's the case. (This answer also makes me think that they're not in any specified format.)

Upvotes: 1
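The shape check the question reasons about (segment count, then whether the first segment decodes to a JSON header), written out as an added example; it is not part of any post above and not Google's code. The names `classifyToken` and `decodeJsonSegment` are hypothetical, the JWT-shaped sample is constructed and unsigned, and the check looks at structure only: it verifies no signature and says nothing about whether a token is valid.

```javascript
// Added example: structural test for JWS/JWE compact serialization.
// Shape only; no signature verification, no claim validation.

const B64URL = /^[A-Za-z0-9_-]+$/;

// Decode one base64url segment into a JSON object, or return null.
function decodeJsonSegment(segment) {
  if (!B64URL.test(segment)) return null; // empty or wrong alphabet
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    const value = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    const isObject = value !== null && typeof value === 'object' && !Array.isArray(value);
    return isObject ? value : null;
  } catch (err) {
    return null; // decoded bytes are not JSON
  }
}

// Classify a token string by shape: 'jws' (3 parts), 'jwe' (5 parts) or 'opaque'.
function classifyToken(token) {
  const parts = token.split('.');
  if (parts.length !== 3 && parts.length !== 5) {
    return { kind: 'opaque', reason: `${parts.length} segment(s), expected 3 or 5` };
  }
  const header = decodeJsonSegment(parts[0]);
  if (header === null || typeof header.alg !== 'string') {
    return { kind: 'opaque', reason: 'first segment is not a JSON header with "alg"' };
  }
  return { kind: parts.length === 3 ? 'jws' : 'jwe', header };
}

// The access token quoted in the question above.
const PAGE_TOKEN = 'ya29.Ci9aA2EirNhY3InpsLC2Q5ct1XZh2UL60oWWVmkMCBBUL0M-4oAAoigZCJ6O_a4geA';

// Constructed, unsigned JWT-shaped sample for comparison (not a real token).
const b64url = (s) =>
  Buffer.from(s).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const CONSTRUCTED_JWT = [
  b64url('{"alg":"HS256","typ":"JWT"}'),
  b64url('{"sub":"example"}'),
  b64url('not-a-real-signature'),
].join('.');

console.log(classifyToken(PAGE_TOKEN));      // kind: 'opaque'
console.log(classifyToken(CONSTRUCTED_JWT)); // kind: 'jws'
```

An `opaque` result is the normal case for an access token: a client passes it to the resource server unchanged and makes no decisions based on its contents.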
