Should the Auth token and/or client ID be secret?

Alright
:slight_smile: