Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the usage of the client_secrets.json file?

Tags:

google-api

I am working on writing a program using the Google Tasks API in Python. I have downloaded and run the sample application from Google, and it comes with a file called client_secrets.json. I understand that the file is used for OAuth authentication, but my question is should I distribute this file to users? Should I push it to my public source repo? Or is it supposed to be kept secret? If I shouldn't share it, how would other users do the authentication?

Thanks for reading.

like image 602
Ian Finlayson Avatar asked May 20 '14 13:05

Ian Finlayson

People also ask

How do I use Google Drive with client secret JSON file?

Go to Google API Console. Go to the Credentials page. Click the Download JSON button to download the client secret JSON file and securely store it in a local folder. This JSON file can then be used by Google Drive components and metadata wizard to access Google Drive via the OAuth method Installed Application (JSON) .

What is Client_id and Client_secret?

Registered OAuth applications are assigned a unique Client ID ( client_id ) and unique Client Secret ( client_secret ). By sending the client_id and the client_secret , you are letting Sell API know which application is accessing the API. Only requests to the Authorization Server require client credentials.

What is a client ID?

A Client ID is an identifier associated with an application that assists with client / server OAuth 2.0 authentication for ArcGIS client APIs . Developers create a client ID by defining an application on their developer dashboard.

1 Answers

The Google API Client Library OAuth2 docs states,

Keep your client secret private. If someone obtains your client secret, they could use it to consume your quota, incur charges against your Developers Console project, and request access to user data.

So don't commit or otherwise distribute the file.

If you want to publicly share your application source code, instruct others to use their own Google Developer account to register their own Google Developer project and generate their own app OAuth credentials (client_secrets.json file) for use with their "installation" of the app.

If you were making the application commercially available, you would seemingly need to share the app credentials with them in a trusted, legally protected, or secure manner.

like image 75
user3490818 Avatar answered Oct 05 '22 19:10

user3490818
Sign in to Comment

Related questions

Google Maps API key may be invalid for your bundle ID
Google Cloud API - Application Default Credentials
UNREGISTERED_ON_API_CONSOLE while getting OAuth2 token on Android
Is there an URL to open the Gmail compose window with a specific message ID in full-screen (pop-out)
Google Input Tools "API" -- can it be used?
Adding custom marker text to Google Map
Spring Boot + Spring Security + Spring OAuth2 + Google Sign in
Google API: 404 Domain not found
Location Data Google Photos API
Play Services Hint Request cannot display phone numbers when requested
How to automate login to Google API to get OAuth 2.0 token to access known user account
Google Calendar API v3 Access Not Configured
Share a Drive document without notifying user with Google Apps Script
Google API Client "refresh token must be passed in or set as part of setAccessToken"
How to get Google +1 count for current page in PHP?
Google URL Shortener 403 Rate Limit Exceeded
Not able to display embedded images in HTML using Gmail API + rails
Google Sign-In API Hang with uncaught error Failed to get parent origin from URL hash
What is the rate limit for direct use of the Google Analytics Measurement Protocol API?
Using Google OAuth on localhost

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!