I'm using google client id and secret to get an access token for google authentication(sing in, sign up) in a app for android and ios.Wondering if the id and secret are in secure at own server and the users get them from server when they sign up and ...