Chapter 22 describes the implementation of authentication using Google. I don’t understand why only one OAuth client ID is used.
The following is written above the Application type field:
A client ID is used to identify a single app to Google’s OAuth servers. If your app runs on multiple platforms, each will need its own client ID. See Setting up OAuth 2.0 for more information.
Why don’t we create a separate client ID for the iOS app, where the Application type is iOS? Instead, a single client ID is used, where the Application type is Web application.
So if you were to integrate Google’s SDK and do the OAuth flow all in the iOS application, then yes, you’d need to register a separate client to do this. However, the book routes everything via the server application for a couple of reasons:
There’s no SDK to install in the iOS app, so fewer dependencies, less waiting for updates, smaller binary size and smaller compile time, etc.
No SDK if you’re not a fan of all the tracking Facebook/Google put in their SDKs
If they break the iOS login flow (as happened with Facebook several months ago) you don’t have to worry about it because it’s all routed through your app.
I much prefer this way as there’s a single place to add new provider logic etc. Not all 3rd parties allow this in their terms and conditions and I am not a lawyer so can’t offer legal advice!
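The server-routed flow described in the answer above, as an added example that is not code from the book or from either poster: the server is the only OAuth client, so Google is sent the Web application client ID and redirects back to the server, and the `state` value ties the callback to the browser session that started the login. The client ID, callback URL, session identifier and all function names are hypothetical placeholders.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
# Constructed placeholders (assumptions, not values from the book).
WEB_CLIENT_ID = "example-web-client-id.apps.googleusercontent.com"
SERVER_CALLBACK = "https://api.example.com/oauth/google"
STATE_KEY = secrets.token_bytes(32)   # server-side signing key
STATE_TTL = 300                       # seconds a login attempt stays valid

def _sign(session_id, nonce, issued):
    msg = f"{session_id}|{nonce}|{issued}".encode()
    mac = hmac.new(STATE_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def new_state(session_id, now=None):
    """State value bound to the browser session that started the login."""
    issued = str(int(time.time() if now is None else now))
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{issued}.{_sign(session_id, nonce, issued)}"

def state_is_valid(state, session_id, now=None):
    now = int(time.time() if now is None else now)
    try:
        nonce, issued, sig = state.split(".")
        age = now - int(issued)
    except ValueError:
        return False
    expected = _sign(session_id, nonce, issued)
    return hmac.compare_digest(sig.encode(), expected.encode()) and 0 <= age <= STATE_TTL

def login_redirect(session_id, now=None):
    """URL the server redirects to when the iOS app opens its login route."""
    query = urlencode({
        "client_id": WEB_CLIENT_ID,        # the only client ID in the system
        "redirect_uri": SERVER_CALLBACK,   # Google returns to the server, not the app
        "response_type": "code",
        "scope": "openid email profile",
        "state": new_state(session_id, now),
    })
    return f"{GOOGLE_AUTH_ENDPOINT}?{query}"

def handle_callback(callback_url, session_id, now=None):
    """Return the authorization code if the callback is acceptable, else None."""
    params = parse_qs(urlparse(callback_url).query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    if not code or not state_is_valid(state, session_id, now):
        return None
    return code  # next step: server exchanges it with its client secret
```

Because the iOS app never talks to Google directly, it holds no client ID or secret of its own; it only receives whatever session token the server issues after the code exchange.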