How do I validate an OAuth2 token obtained on an Android device via the Google Identity Toolkit (GitkitClient) on a 3rd-party backend (custom Python backend, non-GAE)?
I'm able to obtain a token on Android via the use of GitkitClient.
But how can my non-google-app-engine (Python) backend verify that this token is valid (from Google)?
You could use the Google Identity Toolkit Python client library to verify that token: https://github.com/google/identity-toolkit-python-client.
from identitytoolkit import gitkitclient

# Load the service account's private key (.p12) in binary mode
p12_file = 'YOUR_SERVICE_ACCOUNT_PRIVATE_KEY_FILE.p12'
with open(p12_file, 'rb') as f:
    key = f.read()

gitkit_instance = gitkitclient.GitkitClient(
    client_id='YOUR_WEB_APPLICATION_CLIENT_ID_AT_GOOGLE_DEVELOPER_CONSOLE',
    service_account_email='YOUR_SERVICE_ACCOUNT_EMAIL@developer.gserviceaccount.com',
    service_account_key=key,
    widget_url='URL_ON_YOUR_SERVER_TO_HOST_GITKIT_WIDGET')

# Verify the token sent by the client (read here from the 'gtoken' cookie)
user = gitkit_instance.VerifyGitkitToken(request.COOKIES['gtoken'])
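
An added example (not part of the original answer or the library's own code) of calling the verifier fail-closed for a token sent by a mobile app rather than read from a cookie. Assumptions: the app sends the token as `Authorization: Bearer <token>`, `VerifyGitkitToken` returns `None` for a rejected token, and the returned user exposes `user_id`; `AuthError`, `bearer_token` and `authenticate` are hypothetical names.

```python
# Added example: fail-closed verification of a Gitkit token sent by a mobile app.
# Assumptions (not from the original answer): the token arrives as
# "Authorization: Bearer <token>", VerifyGitkitToken returns None for a
# rejected token, and the returned user object has a user_id attribute.


class AuthError(Exception):
    """Raised whenever the request cannot be tied to a verified user."""


def bearer_token(headers):
    """Extract the token from a header mapping; reject anything malformed."""
    value = headers.get('Authorization', '')
    scheme, _, token = value.partition(' ')
    token = token.strip()
    if scheme.lower() != 'bearer' or not token or ' ' in token:
        raise AuthError('missing or malformed Authorization header')
    # A JWT has exactly three dot-separated segments; this is only a cheap
    # pre-check, the signature and claims are checked by the library.
    if token.count('.') != 2:
        raise AuthError('token is not a JWT')
    return token


def authenticate(gitkit_instance, headers):
    """Return the verified user or raise AuthError. Never returns None."""
    token = bearer_token(headers)
    try:
        user = gitkit_instance.VerifyGitkitToken(token)
    except Exception:
        # Library or network failure: treat the caller as unauthenticated.
        raise AuthError('token verification failed')
    if user is None or not getattr(user, 'user_id', None):
        raise AuthError('token rejected')
    return user
```

Key local records on the verified `user_id` returned by the library, never on an identifier supplied separately by the app.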