I followed the instructions given here to expose the Google Sign-In button.
https://developers.google.com/identity/sign-in/web/sign-in
To confirm the token on the server side, I am calling GoogleJsonWebSignature.ValidateAsync() as described in these answers.
It all works, but I am not using the client secret from the OAuth 2.0 Client IDs setting on the Google Credentials page.
Am I making anything less secure?
Is the need for the client secret mitigated by Authorized JavaScript Origins on the OAuth 2.0 Client IDs setting, because after all the client secret is to ensure the legitimacy of the caller?
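
Added example (not part of the original post and not Google's own sample code): server-side validation with GoogleJsonWebSignature.ValidateAsync() from the Google.Apis.Auth package, pinning the token's audience to the application's client ID. The call takes no client secret as input; the class name, method name and client ID placeholder are assumptions made for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Google.Apis.Auth;

public static class GoogleIdTokenCheck   // hypothetical helper class
{
    // Placeholder: the OAuth 2.0 Client ID shown on the Google Credentials page.
    private const string ClientId = "YOUR_CLIENT_ID.apps.googleusercontent.com";

    // Returns the verified payload, or null when the token must be rejected.
    public static async Task<GoogleJsonWebSignature.Payload> VerifyAsync(string idToken)
    {
        if (string.IsNullOrWhiteSpace(idToken))
        {
            return null;
        }

        var settings = new GoogleJsonWebSignature.ValidationSettings
        {
            // Without an audience, a validly signed ID token that Google issued
            // to a different client ID would also pass validation.
            Audience = new[] { ClientId }
        };

        try
        {
            // Verifies the signature against Google's public keys, then the
            // issuer, the validity period and the audience configured above.
            var payload = await GoogleJsonWebSignature.ValidateAsync(idToken, settings);

            // Key the local account on Subject (the stable Google account id)
            // rather than on the e-mail address, which can change.
            return string.IsNullOrEmpty(payload.Subject) ? null : payload;
        }
        catch (InvalidJwtException)
        {
            // Bad signature, wrong issuer or audience, expired or malformed token.
            return null;
        }
    }
}
```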