Client id, publish app security question / clarification

Hello there, I am setting up an rclone API to Google Drive and have flagged something.
When going to publish the app while creating my client ID, there is a message stating:

Once you have set your app status as 'In production', your app will be available to anyone with a Google Account.

Am I misinterpreting this message? From the sounds of it, the app will be publicly available?

I have looked online at the developer docs, and also found a few other people with the same question over forum posts, but no solid answers to the message.
[edit] However, I do have the OAuth credentials compatible with the API under OAuth 2.0 client IDs; perhaps the app is locked down to this user account?

The last thing I want to do is publish access to my drive or something, but I'm sure I'm just misinterpreting or missing something here. Can anyone clarify?

Thanks kindly.

As I understand it, it means that if you share your client_id/secret with me, I can use my Google account to create a token bound to your setup. So as long as you do not make it public, you have nothing to worry about.

Thank you kindly for the confirmation :slight_smile:

