I want to implement the Google calendar in my application. So as a developer I go to the console download my secret.json and can now access the data. But as a customer you don't have to deal with all of that you just see the OAuth Screen and then you can login. So how do I get from I have to download the secret manually to just login.
Automated client secret
115 Views Asked by Tom Riddle At
1
The concepts are different. One important note is that the client means the client application. The user uses an application, which is client of an Identity Provider (in your case, Google, right?).
The user login is the way that the user tells the Identity Provider who he is. This is typically done using the Authorization Code Flow.
The secret (client secret), when used, must be known solely by the client application and the Identity Provider (auth server). In this way, when the application performs a request to the server, the secret helps to prove the authenticity of the request. Sometimes, a secret is required, but not always, and it may be optional.
So, the client secret may be employed in different scenarios, such as the mentioned Authorization Code Flow or commonly in machine-to-machine flows (e.g. the Client Credentials Flow).
Perhaps, you are implementing something like Google docs describe here. You can probably use an Authorization Code Flow, with your app sending the secret to Google Identity Server (however, the user does not know this).