After also reading through the passport.js docs a bit, I suggest you try to accomplish your goals with the JWT strategy by passport: https://www.passportjs.org/packages/passport-jwt/ and the Google strategy by passport: https://www.passportjs.org/packages/passport-google-oauth20/

If you don't want to use passport at all, this post goes into detail on how to do it yourself without a library by Google: https://permify.co/post/oauth-20-implementation-nodejs-expressjs/

Google does also provide a library to make things a bit easier: https://cloud.google.com/nodejs/docs/reference/google-auth-library/latest