The client secret is a confidential key used to communicate with the authorization server. Client secret example: 1912308468823890
You rotate your client secret to issue a refresh token and invalidate the prior token. This adds a layer of security. To rotate the secret:
- Select OAuth Clients from the main menu.
- Select a client from your list.
  The inspector opens on the right.
- Beneath Refresh token behavior, select either:
  · Non-rotatable or
  · Rotatable
- Specify the Refresh token lifetime. Either:
  - Input a value directly.
  - Use the arrows at the end of the row to increase or decrease the token duration.
Note: A 12-hour token would be 43,200 seconds. This is the default. A token can remain valid for a maximum of 365 days. Consult your company's security policies on this.
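
The following added example (not the product's own code) models how the two Refresh token behavior settings differ when a token is redeemed, using the default and maximum lifetimes from the note above. The class and method names are hypothetical, and it assumes a rotated token starts a fresh lifetime.

```python
import secrets
import time

DEFAULT_LIFETIME = 12 * 60 * 60        # 43,200 seconds, the default named in the note
MAX_LIFETIME = 365 * 24 * 60 * 60      # 365 days, the maximum named in the note


class RefreshTokenStore:
    """Toy in-memory model of refresh-token handling for one OAuth client (hypothetical)."""

    def __init__(self, rotatable, lifetime=DEFAULT_LIFETIME, clock=time.time):
        if not 0 < lifetime <= MAX_LIFETIME:
            raise ValueError("lifetime must be between 1 second and 365 days")
        self.rotatable = rotatable
        self.lifetime = lifetime
        self.clock = clock
        self._expiry = {}              # live refresh token -> expiry timestamp

    def issue(self):
        """Create a refresh token that expires after the configured lifetime."""
        token = secrets.token_urlsafe(32)
        self._expiry[token] = self.clock() + self.lifetime
        return token

    def redeem(self, token):
        """Exchange a refresh token; return the refresh token to use next time."""
        expires = self._expiry.get(token)
        if expires is None:
            raise PermissionError("unknown or already rotated refresh token")
        if self.clock() >= expires:
            del self._expiry[token]
            raise PermissionError("refresh token expired")
        if not self.rotatable:
            return token               # non-rotatable: same token until it expires
        del self._expiry[token]        # rotatable: the prior token is invalidated
        return self.issue()            # assumption: the new token gets a fresh lifetime
```

With the rotatable setting, a stolen refresh token stops working as soon as the legitimate client redeems it; with the non-rotatable setting, it stays usable until the lifetime runs out.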