Paras-code-007
commented
3 years ago I was building something and was also looking for a way in which my apps credential is not exposed and I can distribute the app too
or automate the process of building the app in Google API console and OAuth key on the client side
in the file init has exposed credentials
Important: Do not store the client_secret.json file in a publicly-accessible location. In addition, if you share the source code to your application — for example, on GitHub — store the client_secret.json file outside of your source tree to avoid inadvertently sharing your client credentials.