Can Janrain appId be public?

Question

I can't a definitive answer as to whether or not Janrain AppId can be exposed publicly by a site that uses it in order to get third party apps to use the iOS SDK to perform authentication.

Background

The site uses Janrain Engage to do social sign-in (http://jabbr.net) and is an open source project. I am developing an iPhone app and in order to use Janrain's iOS SDK the app needs to know the server's Janrain AppId.

I don't want to hardcode the appId on the client as I want the client to be usable with any JabbR server, not just this particular one.

Question

Can I expose the appId through a public API call on the site that uses social signin? Are there any security issues around doing that?

PS. I did ask Janrain this question but since my account is just a free test account, I didn't get any response and my question got closed. Also their forums are readonly for free accounts, so no luck there as well. I worked out how to post on the forum.

Answer 1

This has been answered by Janrain on the community forums - https://community.janrain.com/requests/870 (login required):

There is absolutely nothing insecure when exposing the AppID. The App secret is what should > never be exposed.

Regards,

Duke
Janrain Support