diff --git a/handlers_drive.go b/handlers_drive.go
index 2dccfe4b..d90312cf 100644
--- a/handlers_drive.go
+++ b/handlers_drive.go
@@ -1,6 +1,8 @@
 package main
 
 import (
+	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -18,6 +20,7 @@ var ClientId string
 var ClientSecret string
 
 const TokenFilename = "token_v2.json"
+const OauthCredentialsFilename = "oauth_client.json"
 const DefaultCacheFileName = "file_cache.json"
 
 func listHandler(ctx cli.Context) {
@@ -341,21 +344,46 @@ func aboutExportHandler(ctx cli.Context) {
 	checkErr(err)
 }
 
+func getOauthAppCredentials(credsPath string) (clientId string, clientSecret string, err error) {
+	if _, err := os.Stat(credsPath); errors.Is(err, os.ErrNotExist) {
+		return ClientId, ClientSecret, nil
+	}
+	var oauthCredentials struct {
+		ClientId     string `json:"client_id"`
+		ClientSecret string `json:"client_secret"`
+	}
+	content, err := ioutil.ReadFile(credsPath)
+	if err != nil {
+		return "", "", err
+	}
+	json.Unmarshal(content, &oauthCredentials)
+	clientId = oauthCredentials.ClientId
+	clientSecret = oauthCredentials.ClientSecret
+
+	return clientId, clientSecret, nil
+}
+
 func getOauthClient(args cli.Arguments) (*http.Client, error) {
+	configDir := getConfigDir(args)
+
+	credsPath := ConfigFilePath(configDir, OauthCredentialsFilename)
+	clientId, clientSecret, err := getOauthAppCredentials(credsPath)
+	if err != nil {
+		ExitF("Failed to load oauth app credentials: %s", err)
+	}
+
 	if args.String("refreshToken") != "" && args.String("accessToken") != "" {
 		ExitF("Access token not needed when refresh token is provided")
 	}
 
 	if args.String("refreshToken") != "" {
-		return auth.NewRefreshTokenClient(ClientId, ClientSecret, args.String("refreshToken")), nil
+		return auth.NewRefreshTokenClient(clientId, clientSecret, args.String("refreshToken")), nil
 	}
 
 	if args.String("accessToken") != "" {
-		return auth.NewAccessTokenClient(ClientId, ClientSecret, args.String("accessToken")), nil
+		return auth.NewAccessTokenClient(clientId, clientSecret, args.String("accessToken")), nil
 	}
 
-	configDir := getConfigDir(args)
-
 	if args.String("serviceAccount") != "" {
 		serviceAccountPath := ConfigFilePath(configDir, args.String("serviceAccount"))
 		serviceAccountClient, err := auth.NewServiceAccountClient(serviceAccountPath)
@@ -366,7 +394,7 @@ func getOauthClient(args cli.Arguments) (*http.Client, error) {
 	}
 
 	tokenPath := ConfigFilePath(configDir, TokenFilename)
-	return auth.NewFileSourceClient(ClientId, ClientSecret, tokenPath, authCodePrompt)
+	return auth.NewFileSourceClient(clientId, clientSecret, tokenPath, authCodePrompt)
 }
 
 func getConfigDir(args cli.Arguments) string {