To add to the other replies: you don’t need to keep the ClientID secret as they are conisdered public information
As per the guide - Getting OAuth Access Tokens | Twitch Developers
The ClientID is added to the URL that users click on be redirected to Twitch
The ClientID is then visible in the address bar when people click the accpet/decline button.
A clientID is kinda like the “machine friendly” name of your Application.
it’ll also be visible in any requests your code makes from the wrong end when using console or network montioring
