diff --git a/src/main/java/org/genesys2/server/mvc/GoogleSocialController.java b/src/main/java/org/genesys2/server/mvc/GoogleSocialController.java
index e5e01247deaf1e584131381ecd353a43482bf30a..3dbec2cff01d9337b5a63a315716482da451a8c0 100644
--- a/src/main/java/org/genesys2/server/mvc/GoogleSocialController.java
+++ b/src/main/java/org/genesys2/server/mvc/GoogleSocialController.java
@@ -17,6 +17,9 @@
 package org.genesys2.server.mvc;
 
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -24,15 +27,16 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.genesys.blocks.security.NotUniqueUserException;
 import org.genesys.blocks.security.UserException;
-import org.genesys.blocks.security.model.BasicUser.AccountType;
 import org.genesys.blocks.security.service.PasswordPolicy.PasswordPolicyException;
 import org.genesys2.server.model.impl.User;
-import org.genesys2.server.service.UserService;
 import org.genesys2.server.servlet.util.GoogleOAuthUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Request;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
@@ -43,19 +47,22 @@ import org.springframework.social.google.api.plus.Person;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
 
 @Controller
 public class GoogleSocialController extends BaseController {
 
-	@Autowired
-	private UserService userService;
-
 	private final AuthenticationSuccessHandler authSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
 	private final AuthenticationFailureHandler authFailureHandler = new SimpleUrlAuthenticationFailureHandler();
 
 	@Autowired
 	private GoogleOAuthUtil googleOAuthUtil;
 
+	@Autowired
+	private AuthorizationServerTokenServices tokenServices;
+
 	@RequestMapping("/google/login")
 	public void redirectToGoogle(HttpServletResponse response) throws IOException {
 		response.sendRedirect(googleOAuthUtil.getAuthenticationUrl());
@@ -84,19 +91,7 @@ public class GoogleSocialController extends BaseController {
 		final Google google = new GoogleTemplate(accessToken);
 		final Person userInfo = google.plusOperations().getGoogleProfile();
 
-		User user = null;
-		try {
-			user = userService.getUserByEmail(userInfo.getAccountEmail());
-			if (user.getAccountType() == AccountType.LOCAL) {
-				// account exists, change to {@link LoginType#GOOGLE}
-				LOG.info("Changing account type to LoginType#GOOGLE");
-				userService.setAccountType(user, AccountType.GOOGLE);
-			}
-		} catch (UsernameNotFoundException e) {
-			LOG.info("Username not found, creating new Google account");
-			user = userService.createUser(userInfo.getAccountEmail(), null, userInfo.getDisplayName(), AccountType.GOOGLE);
-			userService.userEmailValidated(user.getUuid());
-		}
+		googleOAuthUtil.extractUserFromGoogleProfile(userInfo);
 
 		final Authentication authentication = googleOAuthUtil.googleAuthentication(userInfo);
 
@@ -104,4 +99,30 @@ public class GoogleSocialController extends BaseController {
 		authSuccessHandler.onAuthenticationSuccess(request, response, authentication);
 	}
 
+	/**
+	 * Google XHR auth.
+	 *
+	 * @param accessToken the access token
+	 * @param clientId the client id
+	 * @return the object
+	 */
+	@RequestMapping(value = "/google/verify-token", method = RequestMethod.GET)
+	@ResponseBody
+	public Object googleAuth(@RequestParam("accessToken") final String accessToken,
+							 @RequestParam("clientId") final String clientId) throws UserException {
+
+		final Google google = new GoogleTemplate(accessToken);
+		final Person userInfo = google.plusOperations().getGoogleProfile();
+
+		User user = googleOAuthUtil.extractUserFromGoogleProfile(userInfo);
+
+		final Set<String> scope = new HashSet<>(Arrays.asList("trust", "read", "write"));
+		final OAuth2Request oAuth2Request = new OAuth2Request(null, clientId, user.getAuthorities(), true, scope, null, null, null, null);
+
+		final UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
+		final OAuth2Authentication auth = new OAuth2Authentication(oAuth2Request, authenticationToken);
+
+		return tokenServices.createAccessToken(auth);
+	}
+
 }
diff --git a/src/main/java/org/genesys2/server/servlet/util/GoogleOAuthUtil.java b/src/main/java/org/genesys2/server/servlet/util/GoogleOAuthUtil.java
index 7daba2d67659b8dd61a7e3455dd590c044c418f7..01eb021cb4a6b5d790e47889a0029d54198659b1 100644
--- a/src/main/java/org/genesys2/server/servlet/util/GoogleOAuthUtil.java
+++ b/src/main/java/org/genesys2/server/servlet/util/GoogleOAuthUtil.java
@@ -33,6 +33,10 @@ import org.apache.http.client.utils.URLEncodedUtils;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.message.BasicNameValuePair;
+import org.genesys.blocks.security.UserException;
+import org.genesys.blocks.security.model.BasicUser;
+import org.genesys2.server.model.impl.User;
+import org.genesys2.server.service.UserService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -65,6 +69,9 @@ public class GoogleOAuthUtil {
 	@Value("${google.consumerSecret}")
 	private String secret;
 
+	@Autowired
+	private UserService userService;
+
 	@Autowired
 	@Named("authUserDetailsService")
 	private UserDetailsService userDetailsService;
@@ -136,4 +143,24 @@ public class GoogleOAuthUtil {
 			return null;
 		}
 	}
+
+	public User extractUserFromGoogleProfile(Person userInfo) throws UserException {
+		User user = null;
+		try {
+			user = userService.getUserByEmail(userInfo.getAccountEmail());
+			if(user == null){
+				throw new UsernameNotFoundException("User not found");
+			}
+			if (user.getAccountType() == BasicUser.AccountType.LOCAL) {
+				// account exists, change to {@link LoginType#GOOGLE}
+				LOG.info("Changing account type to LoginType#GOOGLE");
+				userService.setAccountType(user, BasicUser.AccountType.GOOGLE);
+			}
+		} catch (UsernameNotFoundException e) {
+			LOG.info("Username not found, creating new Google account");
+			user = userService.createUser(userInfo.getAccountEmail(), userInfo.getDisplayName(),null, BasicUser.AccountType.GOOGLE);
+			userService.userEmailValidated(user.getUuid());
+		}
+		return user;
+	}
 }