Webextension : Where to Store ClientId (OAuth2)

gabor.shepherd.work · August 21, 2021, 11:12am

Hi,

In my webextension I want to use google drive to make backups on google drive.
Is it safe to store the clientId in webextension source code (github, .xpi) or is it a security issue?

I found 1 discussion about it where they say that it is fine :

But I am not sure. What is your opinion?

Kind regards,
Gabor

freaktechnik · August 21, 2021, 11:12am

Client IDs should be fine, however secrets and tokens may be a different issue.

gabor.shepherd.work · August 21, 2021, 11:36am

So I have a clientId with no secret. In this case is it OK?

freaktechnik · August 21, 2021, 11:54am

Should be fine, yes.

Nwande_Joshua · March 9, 2022, 8:32am

For security. I think Google drive already have security measures put in place to secure file stored by user