The newest version of Google Identity Toolkit has been released as Firebase Authentication. It includes upgraded client SDKs, open source UI libraries, session management and integrated email sending service for forgotten password flows.

New projects should use Firebase Authentication. To migrate an existing project from Identity Toolkit to Firebase Authentication, see the migration guide.

Token Service REST API Reference

The Token Service API lets you exchange either an ID token or a refresh token for an access token and a new refresh token. You can use the access token to securely call APIs that require user authorization.

HTTP request

POST https://securetoken.googleapis.com/v1/token

Request body

The request body contains data with the following structure:

URL-encoded representation
grant_type=string&code=string&refresh_token=string
Field name Type Description
grant_type string

The type of token you're sending:

  • authorization_code to send an ID token.
  • refresh_token to send a refresh token.

code string ID token to exchange for an access token and a refresh token. This field is called code to conform with the OAuth 2.0 specification. This field is ignored if grant_type isn't authorization_code.
refresh_token string Refresh token to exchange for an access token. This field is ignored if grant_type isn't refresh_token.

Response body

If successful, the response body contains data with the following structure:

JSON representation
{
  "access_token": string,
  "expires_in": string,
  "token_type": string,
  "refresh_token": string,
}
Field name Type Description
access_token string The granted access token.
expires_in string Expiration time of access_token in seconds.
token_type string The type of access_token. Included to conform with the OAuth 2.0 specification; always Bearer.
refresh_token string The granted refresh token; might be the same as refresh_token in the request.