This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Google client Id and secret should be private data?

Posted on 11-15-2023 05:04 PM
HiThere
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I'm using google client id and secret to get an access token for google authentication(sing in, sign up) in a app for android and ios.

Wondering if the id and secret are in secure at own server and the users get them from server when they sign up and sign in with google account?
Or is it fine that client id and secret is in code, not encryped.

I couldnt find the information in google document now, please leave the document if it's informed to refer.

0 1 191
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Are you using Apigee for any of this? And are you aware that this is an Apigee forum? 

In general, anything labeled or named "secret" is probably a secret. 

I'm not an expert but if you want your consumer app to get an access token, you should be using OAuthV2.  That will require you to set up an OAuth2 consent screen, specify redirect URLs, and so on.  And even set a list of test users before you publish the app.  Publishing the app is another step. So read up on that. 

Good luck. 

 

0 Likes
Top Solution Authors
View all