It seems to demonstrate the realtime updates fine. However, you say that to do the same, you must deploy a google app and create a client ID. What is that? In your demo you demonstrate how to exploit client's ID from plain client HTML/javascript. Why web app, why application client ID? Shouldn't you capture it from javascript google authorization popup without any server web application at all?
It seems to demonstrate the realtime updates fine. However, you say that to do the same, you must deploy a google app and create a client ID. What is that? In your demo you demonstrate how to exploit client's ID from plain client HTML/javascript. Why web app, why application client ID? Shouldn't you capture it from javascript google authorization popup without any server web application at all?