azure - Why can't the google JWT token be decoded by jwt.io

Question

I have Google authentication enabled in an Azure App Service .NET Core application, and I am trying to generate an access token using Postman:

An access token and an id_token get successfully generated, but when I input the access token into jwt.io, I see gibberish back:

I am new to google auth as well as JWT in general, so my expectation may be totally invalid, but shouldn't I be able to decode the token on jwt.io?

Answer 1

The access token is not a JWT. The id_token is a JWT and you should be able to decode it using jwt.io.

The difference is connected to the difference between OAuth 2.0 and OpenID Connect.

The access token is used to make additional requests to Google API: https://developers.google.com/identity/protocols/OAuth2WebServer#callinganapi

The id_token already holds the information for the authenticating user: https://developers.google.com/identity/protocols/OpenIDConnect#obtainuserinfo