Working with Google ID token on Android


I'm able to receive a Google ID token with GoogleSignInAccount.getIdToken(), so I have a few questions on how to deal with it:

  1. The token is about a 1 KB string. I can't send it with each server request. So what is the correct way to validate it on the server side?
  2. I see no methods for refreshing the ID token. Does this happen automatically within the GoogleSignInAccount class?
  3. Is there any limitation (quota) on token verification from Google's side?

There is 1 answer


1. To not overload the server, we decided to generate an internal (short) access token with the same expiration time (1 hour).

2. Token refresh can be achieved by calling the login function again:

    private void loginGoogle() {
        // context is Activity
        GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestIdToken(context.getString(R.string.default_web_client_id)).requestEmail()
                .build();
        // Tear down any previous client before building a new one
        if (googleApiClient != null) {
            googleApiClient.stopAutoManage((FragmentActivity) context);
            googleApiClient.disconnect();
        }
        googleApiClient = new GoogleApiClient.Builder(context)
                .enableAutoManage((FragmentActivity) context, new GoogleApiClient.OnConnectionFailedListener() {
                    @Override
                    public void onConnectionFailed(@NonNull ConnectionResult connectionResult) {
                        Log.d("auth", "connection failed");
                    }
                })
                .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
                .build();
        // Try a silent sign-in first; the result is either available immediately or delivered to the callback
        OptionalPendingResult<GoogleSignInResult> opr =
                Auth.GoogleSignInApi.silentSignIn(googleApiClient);
        if (opr.isDone()) {
            GoogleSignInResult r = opr.get();
            Log.d("auth", "google silent signin sync");
            fillGoogleProfile(r.getSignInAccount());
        } else {
            opr.setResultCallback(new ResultCallback<GoogleSignInResult>() {
                @Override
                public void onResult(@NonNull GoogleSignInResult result) {
                    Log.d("auth", "google silent signin async");
                    if (result.getSignInAccount() == null) {
                        // Silent sign-in failed: fall back to the interactive sign-in flow
                        Intent signInIntent = Auth.GoogleSignInApi.getSignInIntent(googleApiClient);
                        // catch result in the onActivityResult
                        context.startActivityForResult(signInIntent, RC_SIGN_IN);
                        return;
                    }
                    fillGoogleProfile(result.getSignInAccount());
                }
            });
        }
    }

3. Still didn't find an answer.
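
The exchange described in point 1 of the answer, as an added example that is not part of the original answer: the server checks the Google ID token once, then issues a short opaque session token that expires when the ID token does. `SessionStore`, its method names and the injected `verify_signature` callable (standing in for a real Google ID token signature verifier) are assumptions, and the sample claims are constructed.

```python
import hashlib
import secrets
import time

# Issuer values Google uses in the "iss" claim of its ID tokens.
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}

class SessionStore:
    """Exchanges a verified Google ID token for a short opaque session token."""

    def __init__(self, client_id, verify_signature, now=time.time):
        self.client_id = client_id
        # Assumption: verify_signature(id_token) returns the claims dict and
        # raises ValueError if the signature is invalid.
        self.verify_signature = verify_signature
        self.now = now
        self.sessions = {}  # sha256(session token) -> (sub, expires_at)

    def exchange(self, id_token):
        claims = self.verify_signature(id_token)
        if claims.get("iss") not in GOOGLE_ISSUERS:
            raise ValueError("unexpected issuer")
        if claims.get("aud") != self.client_id:
            raise ValueError("token was issued for a different client")
        exp = int(claims.get("exp", 0))
        if exp <= self.now():
            raise ValueError("ID token expired")
        if not claims.get("sub"):
            raise ValueError("missing subject")
        token = secrets.token_urlsafe(32)  # 43 characters instead of ~1 KB
        # Store only a digest so a leaked session table cannot be replayed.
        self.sessions[self.digest(token)] = (claims["sub"], exp)
        return token, exp

    def authenticate(self, token):
        key = self.digest(token)
        sub, exp = self.sessions.get(key, (None, 0))
        if sub is None or exp <= self.now():
            self.sessions.pop(key, None)  # drop expired entries lazily
            return None
        return sub

    @staticmethod
    def digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

if __name__ == "__main__":
    # Constructed claims and a stub verifier, for demonstration only.
    claims = {"iss": "https://accounts.google.com", "aud": "constructed-client-id",
              "sub": "user-123", "exp": int(time.time()) + 3600}
    store = SessionStore("constructed-client-id", lambda t: claims)
    token, exp = store.exchange("constructed.id.token")
    print(len(token), store.authenticate(token))
```

When `authenticate` returns `None`, the app repeats the silent sign-in from point 2 and exchanges the fresh ID token again.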