Client ID : Is used to identify the application. Let's say you are building an App that would like to access google maps APIs, You need to register the app with google & google will give you client id which is an id to identify the client in our case it's your app. Client ID is publicly available. For example, If you use 3 legged oAuth like signIn with Google, you can see client id in URL. So, You cannot use client id as a secret.
Client Secret : This is the true secret key, which is stored on server side securely & not available to public.
Remember, Client ID & Client Secret is common for many other grant types apart from "Resource owner credentials grant". Yes, In resource owner password credentials client id is not exposed anywhere to public but it is supposed to be a public key in overall OAuth context. As per oAuth standard you need both Client ID & Client Secret along with user credentials to generate an access token. It's the standard defined by OAuth.
A straight forward answer is, It's OAuth specification. You need to send them both & store the secret securely in backend server along with client Id.
Hope it helps.
