What is the point of this demo?

It seems to demonstrate the realtime updates fine. However, you say that to do the same, you must deploy a google app and create a client ID. What is that? In your demo you demonstrate how to exploit client's ID from plain client HTML/javascript. Why web app, why application client ID? Shouldn't you capture it from javascript google authorization popup without any server web application at all?
