I'm wondering if I can rely on the access token I get from OAuth2 instead of generating my own JWT. I know that OAuth2 tokens might have a longer lifespan than the typical short-lived JWTs, which is what I need for my application. If I store this OAuth2 token in localStorage on the frontend and clear it out when a user logs out, is that a secure practice? Or is there a better strategy I should consider?
4 Answers
Stick to using JWTs if you're in complete control of both your application and service. OAuth2 tokens are meant for integrating with third-party services like Google login. They're more complex than JWTs. For straightforward web services involving a frontend and backend, JWTs work great for communication.
I wouldn't recommend storing an OAuth access token in localStorage. That could expose it if something goes wrong on the frontend. It feels like mixing responsibilities since the OAuth token is primarily for identity verification with that provider, not meant to serve as your app’s session token. Instead, consider converting it into your own short-lived token and managing the refresh process yourself.
Using an OAuth2 access token directly can be tricky. Since that token is tied to a third-party service, the only way to verify its validity is through that service itself. A better approach is to exchange the OAuth token for an access token of your own design, which you can control more effectively. Also, consider issuing a refresh token to maintain user sessions. This way, your app doesn't need to keep contacting the OAuth provider constantly. Just manage the life cycle of your own access and refresh tokens instead.
It depends on what your app requires! If you don't have special needs, using the OAuth2 token should work fine, especially if it's already a JWT. But keep in mind that sometimes the OAuth2 token needs to be sent along with requests to the service it belongs to. If you're worried about expiry, manage your own token lifecycle. Just make sure to verify the user status with the OAuth service as needed.
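The exchange-for-your-own-tokens approach the second, third and fourth answers describe, as an added example that is not part of the original thread. It assumes the backend has already validated the provider's token server-side and fetched userinfo (the `userinfo` dict passed in is constructed), uses a placeholder signing key, and keeps refresh-token hashes in an in-memory dict standing in for a database; only the Python standard library is used.

```python
import base64, hashlib, hmac, json, secrets, time

APP_SECRET = b"placeholder-app-signing-key-load-from-a-secret-store"  # assumed value
ACCESS_TTL, REFRESH_TTL = 600, 14 * 86400  # 10-minute app JWT, 14-day refresh token
_refresh_store = {}  # sha256(refresh token) -> (subject, expiry); stand-in for a database

def _b64(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _sign(signing_input): return _b64(hmac.new(APP_SECRET, signing_input.encode(), hashlib.sha256).digest())

def mint_access_jwt(subject, now=None):
    """Mint a short-lived HS256 JWT that our backend, not the OAuth2 provider, controls."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": subject, "iat": now, "exp": now + ACCESS_TTL}).encode())
    return f"{header}.{payload}.{_sign(header + '.' + payload)}"

def verify_access_jwt(token, now=None):
    """Return the claims if the signature is ours and the token is unexpired, else None."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3 or not hmac.compare_digest(_sign(parts[0] + "." + parts[1]), parts[2]):
        return None  # tampered, forged, or a foreign (e.g. provider) token
    if json.loads(_unb64(parts[0])).get("alg") != "HS256":
        return None  # we always verified with HS256 above; reject anything claiming otherwise
    claims = json.loads(_unb64(parts[1]))
    return claims if claims.get("exp", 0) > now else None

def issue_refresh_token(subject, now=None):
    """Opaque random refresh token; only its hash is stored, so a leaked store yields no sessions."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)
    _refresh_store[hashlib.sha256(token.encode()).hexdigest()] = (subject, now + REFRESH_TTL)
    return token

def exchange_provider_identity(userinfo, now=None):
    """Run once after the backend has validated the provider token server-side; the browser only gets our pair."""
    subject = f"{userinfo['iss']}|{userinfo['sub']}"  # provider-scoped subject, never the raw OAuth token
    return {"access_token": mint_access_jwt(subject, now), "refresh_token": issue_refresh_token(subject, now)}

def rotate_refresh_token(refresh_token, now=None):
    """Redeem a refresh token exactly once: invalidate it and issue a fresh pair, or None if unknown/expired."""
    now = int(time.time()) if now is None else now
    entry = _refresh_store.pop(hashlib.sha256(refresh_token.encode()).hexdigest(), None)
    if entry is None or entry[1] <= now:
        return None
    return {"access_token": mint_access_jwt(entry[0], now), "refresh_token": issue_refresh_token(entry[0], now)}
```

Deliver the pair to the browser in HttpOnly, Secure cookies rather than localStorage, and contact the provider only at login; after that the backend verifies its own JWT locally and rotates refresh tokens itself.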
