Good morning guys!
I am facing a problem in the following situation: I need to use the Google Sheets API, however, to use it I need to pass an access_token, and I don't know how to generate it entirely on the web, without any type of "credentials.json" file. I'm doing this server side.
When users log in to my application, using Google, I am already requesting access to the drive and sheets scopes, all configured in GDC. However, even if the user grants permission, the return from the API is the generation of a bearer token containing the user's profile, name, family name, etc...
Can anyone help me transform the Bearer Token into an Access Token to be sent as authorization in the API's header?
Bearer Token:
eyJhbGciOiJSUzI1NiIsImtpZCI6IjZmOTc3N2E2ODU5MDc3OThlZjc5NDA2MmMwMGI2NWQ2NmMyNDBiMWIiLCJ0eXAiOiJKV1QifQ.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.PVVs8nkXBxPTpg5nrperGq3OHdAsR3rpN5EVGlrxWHHW9RYRA0asbqY7VobkFIFDDiAh_Z4x-s457oKhz1CEEZfVWW3lj7mFjUsmj-wn8ttdRMewilujDa4c477-zW1yiGfR2XDdjnPC5sREhjvHycA7Fc2VkH869hUfIsyKWqZlU_j4H_BLP3K9hrGcLR5tiz1iMTtQiZQHj2S0E6DPY4EDCLB0MUbdZBbs84idr3huqjypKW54Fe_Rrq9PXHS_Lz-oI83mzT8k7wI5JKieB8EizfAb93Tjenmm8MDR_GSHepfvA4egztsDpykjjiMleNEPifKw9XOh804LZ_GkDA
request to obtain access token:
curl -d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=BEARER_TOKEN' https://oauth2.googleapis.com/token
Code:
// Callback invoked by Google Identity Services after the user signs in.
function handleCredentialResponse(response) {
  console.log("Encoded JWT ID token: " + response.credential);
  // Posts the whole response object (credential, clientId, select_by) to the backend.
  axios.post('http://localhost:3000/metadata', {
    jwt: response
  })
    .then(function (response) {
      console.log(response);
      getToken(); // defined elsewhere; not shown in this post
    })
    .catch(function (error) {
      console.error(error);
    });
}

window.onload = function () {
  google.accounts.id.initialize({
    client_id: "1097716786981-6gsahdt3b7tgq8ur229h21h1mgud9p7t.apps.googleusercontent.com",
    callback: handleCredentialResponse
  });
  google.accounts.id.renderButton(
    document.getElementById("buttonDiv"),
    { theme: "outline", size: "large" } // customization attributes
  );
  google.accounts.id.prompt(); // also display the One Tap dialog
};
The return of this function after the user logs in with Google is here:
config: {transitional: {…}, adapter: Array(2), transformRequest: Array(1), transformResponse: Array(1), timeout: 0, …}
data: {clientId: '1097716786981-6gsahdt3b7tgq8ur229h21h1mgud9p7t.apps.googleusercontent.com', client_id: '1097716786981-6gsahdt3b7tgq8ur229h21h1mgud9p7t.apps.googleusercontent.com', credential: 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjZmOTc3N2E2ODU5MDc3OT…MDR_GSHepfvA4egztsDpykjjiMleNEPifKw9XOh804LZ_GkDA', select_by: 'btn'}
headers: r {content-length: '1402', content-type: 'application/json; charset=utf-8'}
request: XMLHttpRequest {onreadystatechange: null, readyState: 4, timeout: 0, withCredentials: false, upload: XMLHttpRequestUpload, …}
status: 200
statusText: "OK"
Documentation: https://developers.google.com/identity/protocols/oauth2/service-account
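
Added example, not part of the original post: a Node.js helper that decodes a JWT's claims (without verifying the signature) and tells a Google Sign-In ID token (user profile claims, `aud` equal to the app's client ID) apart from the service-account assertion that the `jwt-bearer` grant in the curl request above expects (`aud` equal to the token endpoint, plus a `scope` claim). The function names, the `CLIENT_ID` placeholder, the service-account address and both sample tokens are constructed for illustration.

```javascript
// Added example: constructed tokens only; signatures are NOT verified here.
const TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token";

// Decode one base64url JWT segment into an object.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Split a compact JWT and decode header and payload (no signature check).
function decodeJwt(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (need 3 segments)");
  return { header: decodeSegment(parts[0]), claims: decodeSegment(parts[1]) };
}

// Classify a JWT by its claims (hypothetical helper, not a Google API).
function classifyJwt(token, clientId) {
  const { claims } = decodeJwt(token);
  const googleIssuers = ["https://accounts.google.com", "accounts.google.com"];
  if (googleIssuers.includes(claims.iss) && claims.aud === clientId && claims.sub) {
    return "google-id-token"; // identifies the signed-in user; carries no API scopes
  }
  if (claims.aud === TOKEN_ENDPOINT && typeof claims.scope === "string") {
    return "service-account-assertion"; // the shape the jwt-bearer grant expects
  }
  return "unknown";
}

// Build an unsigned sample token for the demo (constructed data, dummy signature).
function makeSample(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "c2ln"].join(".");
}

const CLIENT_ID = "example-client.apps.googleusercontent.com"; // placeholder
const idToken = makeSample({ iss: "https://accounts.google.com", aud: CLIENT_ID,
  sub: "1234567890", name: "Test User", family_name: "User", exp: 1700000000 });
const assertion = makeSample({ iss: "svc@example-project.iam.gserviceaccount.com",
  scope: "https://www.googleapis.com/auth/spreadsheets", aud: TOKEN_ENDPOINT,
  iat: 1700000000, exp: 1700003600 });

console.log(classifyJwt(idToken, CLIENT_ID));
console.log(classifyJwt(assertion, CLIENT_ID));
```

The classification is a diagnostic aid only; a backend that accepts an ID token still has to verify its signature, `aud` and `exp` before trusting any claim in it.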