I often run into a situation when debugging google api clients where I want to verify that the credential values I'm using are sound (e.g. not malformed and not from a different provider).
To this end, given a refresh token issued by google oauth, how do I confirm:
This is not for production code, simply a means of establishing invariants.
The only way to validate a Google refresh token is to actually use the refresh token to request a new access token there's no other way of doing it
If we were talking about an ID token you could do use the verify token Endpoint
If we were talking about an access token it's a java web token so you could actually decode that and check the claims
But unfortunately the only way to check to see if a refresh token is valid is to actually use it