1. Administration and security
  2. Security
  3. OAuth Clients
  4. Create an OAuth 2.0 client
  5. Rotate client secret

The client secret is a confidential key used to communicate with the authorization server. Client secret example: 1912308468823890 

You rotate your client secret to issue a refresh token and invalidate the prior token. This adds an additional layer of security. To rotate the secret:

  1. Select OAuth Clients from the main menu.
  2.  Select a client from your list.
    The inspector opens on the right.
  3. Beneath Refresh token behavior, select either:
    ·Non-rotatable or
    ·Rotatable
  4. Specify the Refresh token lifetime. Either:
    • Input a value directly.
    • Use the arrows at the end of the  row to  increase or decrease the token duration.

Note: A 12-hour token would be 43,200 seconds. This is the default. The maximum is 365 days for a token to remain valid. Consult your company's security policies on this.

Right-side inspector with enable client and Refresh token behavior displayed.



Disclaimer

We may update our documentation occasionally, but will only do so in a way that does not negatively affect the features and functionality of the Anaplan service.