我应该如何使用Google oAuth 2.0？

What I'm trying to achieve is to allow anyone to login to the site and only certain registered user with permission are allowed launch the "Tap this button..."

The thing is, I'm very uncertain as to how to verify whether the user is logged in and has legitimate token to access the button. Should I store the token on client's browser and push it to the server when the button is pressed, is that safe?

Should I be using PHP in this case?

My main page:

Javascript & AJAX:

var token;
function onSignIn(googleUser) {
var profile = googleUser.getBasicProfile();
token = googleUser.getAuthResponse().id_token; // should I store the token?

var form = {
"ID": profile.getId(),
    "Name": profile.getName(),
    "Email": profile.getEmail(),
    "Image_URL": profile.getImageUrl(),
}
$.ajax({
    method: "POST",
    url: "php/verification.php", // register account and save to db.
    data: form,
    dataType: "json",
    success: function(data) {
        console.log(data.result)
    }
})
}

I'm also very vague with the documentation: https://developers.google.com/identity/sign-in/web/backend-auth

Will be very happy if there's anybody could enlighten my path and clear up my frustration.

Yes, that is the recommended way to do it in the documentation you linked.

Since you're using PHP, you'll verify the token using Google's PHP SDK. Here's a simple example:

/* Create the client, and add your credentials */
$client = new Google_Client();
$client->setClientId('your_client_id');
$client->setClientSecret('your_client_secret');

/* Verify the token you received */
$ticket = $client->verifyIdToken($_POST['token']);

/* Get the response details */
$data = $ticket->getAttributes();

/* Retrieve user's unique Google ID */
echo json_encode(['user_id' => $data['payload']['sub']]);