Going by the GAE docs for the Channel API,
Only one client at a time can connect to a channel using a given Client ID, so an application cannot use a Client ID for fan-out. In other words, it's not possible to create a central Client ID for connections to multiple clients.
seems contradictory to
Treat the token returned by create_channel() as a secret. If a malicious application gains access to the token, it could listen to messages sent along the channel you are using.
How can they both be true? But more importantly, I'm planning to create one channel for each logged in user in my app. Now if the user opens up a new tab with the app, can I use the same token again? The alternative of creating one channel per tab the user has open sounds quite odd, not to mention expensive.