Is it safe to include a Google API Client ID Key in the manifest?


Pavel Savshenko

Dec 5, 2016, 4:30:01 AM
to Google API JavaScript Client
Hi guys,

I want to publish a simple extension to the Web Store. The app uses the Gmail API and thus requires user authentication/authorisation.

I am wondering whether it is safe to publish the extension to the web store with a "Client ID" embedded in the manifest?

I basically want to rely on the User identity auth flow described in the docs and then use the token to make the API calls, e.g.:

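chrome.identity.getAuthToken({ 'interactive': true }, function(token) {
  if (chrome.runtime.lastError || !token) {  // user declined or the flow failed
    console.error('getAuthToken failed:', chrome.runtime.lastError);
    return;
  }
  gapi.auth.setToken({access_token: token});
  gapi.client.load('gmail', 'v1', gmailAPILoaded);
});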

Does this sound legitimate to you guys?

Regards,
Pavel
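
Added example, not part of the original post: a pre-publish check of the manifest's oauth2 block that the question refers to, confirming that only the client ID (never a client secret) ships in the package and that the requested Gmail scope is narrow. The sample manifest, its placeholder client ID and the function names auditManifest and findSecrets are assumptions made for illustration.

```javascript
// Pre-publish audit of a Chrome extension manifest's OAuth settings.
// Hypothetical helper names; the sample manifest below is constructed.
const BROAD_SCOPES = new Set(['https://mail.google.com/']); // full Gmail access

// Recursively flag any manifest key that looks like an OAuth client secret.
function findSecrets(node, path = 'manifest') {
  if (node === null || typeof node !== 'object') return [];
  return Object.entries(node).flatMap(([key, value]) => {
    const here = `${path}.${key}`;
    const hit = /secret/i.test(key)
      ? [`${here}: secrets must not ship in the extension package`]
      : [];
    return hit.concat(findSecrets(value, here));
  });
}

// Returns a list of findings; an empty list means the OAuth settings look sane.
function auditManifest(manifest) {
  const findings = findSecrets(manifest);
  const oauth2 = manifest.oauth2 || {};
  if (!(manifest.permissions || []).includes('identity')) {
    findings.push('permissions: "identity" is required for chrome.identity.getAuthToken');
  }
  if (!/\.apps\.googleusercontent\.com$/.test(oauth2.client_id || '')) {
    findings.push('oauth2.client_id: missing or not a Google OAuth client ID');
  }
  const scopes = oauth2.scopes || [];
  if (scopes.length === 0) findings.push('oauth2.scopes: no scopes declared');
  for (const scope of scopes) {
    if (BROAD_SCOPES.has(scope)) {
      findings.push(`oauth2.scopes: ${scope} grants full mailbox access`);
    }
  }
  return findings;
}

// Constructed sample manifest with a placeholder client ID.
const sampleManifest = {
  manifest_version: 2,
  name: 'Example Gmail helper',
  version: '0.1',
  permissions: ['identity'],
  oauth2: {
    client_id: 'PLACEHOLDER.apps.googleusercontent.com',
    scopes: ['https://www.googleapis.com/auth/gmail.readonly'],
  },
};

console.log(auditManifest(sampleManifest));
```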