Reputation: 1042
Why do we need clientID and clientSecret
I recently have implemented GoogleStrategy using passportJS and I am successful implementing it.
But why do I need to registering the app in google developer console and get the clientID and client Secret.
I am not successful in finding why it is needed. Could anyone please let me know why and when is it required?
Upvotes: 7
Views: 16366
Answers (2)
Reputation: 1358
You don't need both. There are many different OAuth grant types, and many of them do not require the client_secret.
Using the client secret is recommended for server-side apps (where the end user does not have access the client secret) because it is more secure. It is not recommended for client-side apps; those apps can be decompiled, thus leaking the client_secret.
Upvotes: 8
Reputation: 2414
Your clientID is used so that Google can identify your application and allow the usage of Google APIs and services as appropriate. It is all for authentication and authorization so that you can get the proper permissions and accesses to whatever Google APIs and services.
Your clientSecret is used to hold slightly more confidential information, such as your api usage, traffic information, and billing information.
Upvotes: 1
Related Questions
- passport.js throws Unknown authentication strategy "Google"
- Not able to understand passport's serializeUser, DeserializeUser and GoogleStategy
- Passport.js / Google OAuth2 strategy - How to use token on login for API access
- Why google Oauth verifyIdToken (javascript nodejs version) doesn't use client-secret?
- Authenticating googleapi node library with passport
- Lack of explanation to Google Sign-In documentation
- Why isn't the client secret needed for OAuth from Javascript?
- Is "profile" scope required for Google OAuth2.0?
- Using PassportJS google authentication with the nodejs google api library
- What does Passport.js use the client_id and client_secret for?