Clarification on client_id and client_secret for public script for box users to upload files

HI I need some clarification.. I'm looking at creating a python script to have (box) users login in and upload local files to their box.com account. To do this I'm going to create an OAuth2 script (correct me if I'm wrong).

https://developer.box.com/guides/authentication/oauth2/with-sdk/

Using my created script, the user can specify their email/account/client_id and client_secret to log in. The part I'm not totally sure on is the following:

• Is the 'client_id' my client_id that I get the from the developer console (and doesn't change when another user uses my script)?
• Is the 'client_secret' the users client_secret that they get from the developers console?
• OR is the 'client_id' and 'client_secret' both the other user's id and secret that they get when they create an app in the dev console and use those two fields from when they 'create a new app' (Custom App->Standard OAuth 2.0 App) in their own console. They would put those two newly created fields into my script when they run it themselves?

Everything that I've read normally shows how only one particular user can use their own script/app using the SDK for personal use (and not have the ability to let someone else use my script for their own use). I don't want someone else to use my credentials, I want any box user to be able to use my script to upload local files to box.

Am I getting any of this correct? Any help/clarification would be great...