Our server is running Moodle 3.3.
I've added Google oauth2 and I limited logins\registration to our g suite domain.
Then I decided to see what would happen if someone tried to login with a normal google account.
This is what I saw: https://imgur.com/a/gjzkS8D
Client ID was exposed. Is this supposed to happen? Yeah, I know that the secret is still unknown, but it doesn't feel right.