"The process results in a client ID and, in some cases, a client secret, which you embed in the source code of your application. (In this context, the client secret is obviously not treated as a secret.)"[0]

[0]: https://developers.google.com/identity/protocols/oauth2