OAuth 2.0 Google - server and client side validations

1) Create a client ID in the Google console and pass the client ID to the developer.
2) Keep the client ID on the server for validation. First check that the user's request carries the correct client ID; if it does, validate the ID token with Google.
3) If the ID token is valid, generate an access token and send it to the client.
4) Save all secrets for access and the DB in a .ENV file and install the dotenv Python module.

(In case of errors, keep a variable called CRM_TEST in the .ENV file. With CRM_TEST = 1, don't validate with Google and just pass the access token. With CRM_TEST = 0, validate the ID token with Google and return the JWT only if it is valid.)

Sample .env file:

CLIENT_ID=your_client_id
CLIENT_SECRET=your_client_secret
GOOGLE_OAUTH_SCOPE=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
# Database credentials
DATABASE_URL=postgresql://user:password@host:port/database_name
DATABASE_HOST=your_database_host
DATABASE_USER=your_database_use...
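A sketch of the server-side flow in steps 2 and 3, including the CRM_TEST switch. It is an added example, not code from the original post. The names `login`, `issue_jwt`, `google_verify`, the `JWT_SECRET` key, the 15-minute lifetime and the `crm-test-user` subject are assumptions; `env` is a dict of strings such as the one python-dotenv's `dotenv_values(".env")` returns.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_jwt(claims: dict, secret: str) -> str:
    """Step 3: sign an HS256 JWT with a server-side secret."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def google_verify(token: str, client_id: str) -> dict:
    """Real check with the google-auth package (needs network access)."""
    from google.oauth2 import id_token
    from google.auth.transport import requests
    # Checks signature, expiry, issuer and audience; raises on failure.
    return id_token.verify_oauth2_token(token, requests.Request(), client_id)

def login(req_client_id, token, env, verify=google_verify, now=None):
    """Return a signed JWT for a valid login, else raise PermissionError."""
    now = int(time.time()) if now is None else now
    # Step 2, first half: the request must carry our own client ID.
    if req_client_id != env["CLIENT_ID"]:
        raise PermissionError("unknown client id")
    if env.get("CRM_TEST", "0") == "1":
        # Test switch from the post: Google is not consulted, so this
        # branch issues a token with no proof of identity. Keep
        # CRM_TEST=0 on anything real clients can reach.
        subject = "crm-test-user"  # constructed placeholder subject
    else:
        # Step 2, second half: validate with Google and fail closed.
        try:
            claims = verify(token, env["CLIENT_ID"])
        except Exception as exc:
            raise PermissionError("id token rejected") from exc
        if claims.get("aud") != env["CLIENT_ID"]:
            raise PermissionError("id token issued for another client")
        subject = claims["sub"]
    payload = {"sub": subject, "iat": now, "exp": now + 900}
    return issue_jwt(payload, env["JWT_SECRET"])
```

Passing `verify` as a parameter lets the same handler be exercised offline with a stub, which removes most of the need to set CRM_TEST=1 at all.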