The client secret is a confidential key used to communicate with the authorization server. Client secret example: 1912308468823890 

You rotate your client secret to issue a refresh token and invalidate the prior token. This adds a layer of security. To rotate the secret:

  1. Select OAuth Clients from the main menu.
  2. Select a client from your list.
    The inspector opens on the right.
  3. Beneath Refresh token behavior, select either:
    • Non-rotatable or
    • Rotatable
  4. Specify the Refresh token lifetime. Either:
    • Input a value directly.
    • Use the arrows at the end of the row to increase or decrease the token duration.

Note: A 12-hour token would be 43,200 seconds. This is the default. A token can remain valid for a maximum of 365 days. Consult your company's security policies on this.

Right-side inspector with enable client and Refresh token behavior displayed.
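
How the two refresh token behaviors differ at refresh time, as an added example (not the product's own code). It assumes "Rotatable" means each refresh replaces the token and invalidates the prior one, and that a rotated token gets a fresh lifetime; `RefreshTokenStore` and its methods are hypothetical names.

```python
import secrets
import time

DEFAULT_LIFETIME_S = 12 * 60 * 60      # 43,200 s, the default from the note
MAX_LIFETIME_S = 365 * 24 * 60 * 60    # 365 days, the stated maximum


class RefreshTokenStore:
    """Hypothetical in-memory model of one OAuth client's refresh tokens."""

    def __init__(self, rotatable, lifetime_s=DEFAULT_LIFETIME_S):
        if not 0 < lifetime_s <= MAX_LIFETIME_S:
            raise ValueError("lifetime must be between 1 s and 365 days")
        self.rotatable = rotatable
        self.lifetime_s = lifetime_s
        self._active = {}      # token -> expiry (epoch seconds)
        self._retired = set()  # tokens invalidated by rotation

    def issue(self, now=None):
        """Mint a refresh token valid for the configured lifetime."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._active[token] = now + self.lifetime_s
        return token

    def refresh(self, token, now=None):
        """Return the refresh token to use next, or raise PermissionError."""
        now = time.time() if now is None else now
        if token in self._retired:
            # A rotated-out token presented again is worth alerting on.
            raise PermissionError("refresh token was already rotated out")
        expiry = self._active.get(token)
        if expiry is None or now >= expiry:
            self._active.pop(token, None)
            raise PermissionError("refresh token unknown or expired")
        if not self.rotatable:
            return token               # Non-rotatable: same token until expiry
        del self._active[token]        # Rotatable: prior token is invalidated
        self._retired.add(token)
        return self.issue(now)
```

With the non-rotatable setting, a copied refresh token stays usable for the whole configured lifetime, which is why the lifetime value matters more in that mode.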