
Do we need to hide the Google OAuth client ID?

everyone. I've recently been learning OAuth authentication. I'm playing around with Google's OAuth API. In the tutorial for Google Sign-In for server-side apps, in the third step - Initialize the GoogleAuth object, you need to provide the client ID to initialize the GoogleAuth object. I'm just wondering if we need to keep the client ID secret, because right now anyone can find out what the client ID is by looking into the JavaScript.

David Zheng asked Jan 17 '16 00:01


1 Answer

You don't need to hide the client ID, provided that you have restricted access to specific JavaScript origins and redirect URIs on the server side. See more details on this Quora thread or this IETF thread.

Carlos Silva answered Sep 21 '22 11:09
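
The server-side restriction the answer relies on, sketched as an added example (not code from the original post and not Google's implementation). The client ID, origin and redirect URI are constructed placeholders, and the function names and reason strings are hypothetical.

```javascript
// Constructed sample registration; the client ID and URLs are placeholders.
const REGISTERED_CLIENTS = new Map([
  ["1234567890-example.apps.googleusercontent.com", {
    javascriptOrigins: ["https://app.example.com"],
    redirectUris: ["https://app.example.com/oauth2/callback"],
  }],
]);

// Normalise an Origin value to scheme://host[:port]; null if it cannot be parsed.
function normalizeOrigin(value) {
  try {
    return new URL(value).origin; // drops default ports, lowercases the host
  } catch {
    return null;
  }
}

// Decide whether an authorization request may proceed.
// Knowing the (public) client_id is necessary but never sufficient.
// Reason strings are this example's own labels.
function checkAuthorizationRequest({ clientId, origin, redirectUri }) {
  const client = REGISTERED_CLIENTS.get(clientId);
  if (!client) return { ok: false, reason: "unknown_client" };

  if (origin === undefined && redirectUri === undefined) {
    return { ok: false, reason: "missing_origin_or_redirect" };
  }

  // Browser-based flow: the calling page's origin must be registered.
  if (origin !== undefined) {
    const normalized = normalizeOrigin(origin);
    if (normalized === null || !client.javascriptOrigins.includes(normalized)) {
      return { ok: false, reason: "origin_not_allowed" };
    }
  }

  // Redirect flow: exact string comparison, no prefix or wildcard matching,
  // so tokens and codes are only ever delivered to a registered URI.
  if (redirectUri !== undefined && !client.redirectUris.includes(redirectUri)) {
    return { ok: false, reason: "redirect_uri_mismatch" };
  }

  return { ok: true, reason: "allowed" };
}
```

A request that reuses the client ID from another origin, or with a redirect URI that differs by even a query string, is rejected before any user consent or token issuance happens.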