Security review on Google Client_id and Client_secret #472

@guillaumeblaquiere

Following this discussion

To allow the library to generate an Id_token based on the User Credential, I reuse the client_id and the client_secret provided by the gcloud SDK. I got them like this:

```
gcloud config set log_http_redact_token false
gcloud auth print-identity-token --log-http
```

The request body prints these values in plain text.

Therefore, these values are quite easy to find and I don't think they need special security to protect them in this library or even on GitHub.

However, having a security review on this could be great, to define exactly what to do.

Labels

type: process (A process-related concern. May include testing, release, or the like.)
