The remainder of the OAuth2/OIDC ceremony, namely the exchange of the code for a token, is missing.

Your server needs to implement a Servlet with the path /Callback to process the callback provided in the callback_url.

The internal processing of http://localhost:8081/Callback?code=xxxxxxxxxxxxxxxxxx should make a call to https://accounts.google.com/o/oauth2/token with the code as a parameter.

The call to https://accounts.google.com/o/oauth2/token will return the JWT for later use for authorization by the client.

This is the missing step.