You don't. Anyone can see and intercept it (as you stated), which is the root of the confused deputy problem.
That's why you validate your tokens. For a simple explanation of token validation and the confused deputy problem, check out this great SO question and answer on How and why is Google OAuth token validation performed.