English
  2. Administration and security
  3. Security
  4. OAuth Clients
  5. Create an OAuth 2.0 client
  6. Rotate client secret
Create an OAuth 2.0 client

Rotate client secret

The client secret is a confidential key used to communicate with the authorization server. Client secret example: 1912308468823890 

You rotate your client secret to issue a refresh token and invalidate the prior token. This adds an additional layer of security. To rotate the secret:

  1. Select OAuth Clients from the main menu.
  2.  Select a client from your list.
    The inspector opens on the right.
  3. Beneath Refresh token behavior, select either:
    ·Non-rotatable or
    ·Rotatable
  4. Specify the Refresh token lifetime. Either:
    • Input a value directly.
    • Use the arrows at the end of the  row to  increase or decrease the token duration.

Note: A 12-hour token would be 43,200 seconds. This is the default. The maximum is 365 days for a token to remain valid. Consult your company's security policies on this.

Right-side inspector with enable client and Refresh token behavior displayed.



Disclaimer

We update Anapedia content regularly to provide the most up-to-date instructions.