Authorization Code Flow without client secret

The OAuth2 spec distinguishes between “Confidential” and “Public” clients; the difference is that “Public” clients cannot store any secret safely (i.e. the client_secret).

Google's Identity Platform as of today does not support public applications under the “Web Application” profile. Flows always require a client_secret. As such, Google's Identity Platform is inferior to almost all other IdPs on the market. Even worse, Google still advocates for the implicit flow, which is significantly less secure than the Authorization Code Flow with PKCE. For this reason, mainstream client libraries such as oidc-client-ts don't support the implicit flow anymore and are thus incompatible with Google Cloud for SPAs. Multiple threads on this topic are available here.

Please Google, fix your basics ASAP.

3 Likes