Refreshing Client Secret

If the client_secret for a production application is compromised you can refresh this from the Credentials page of the Application by following the below steps:

  1. Open the Credentials page for the Application

  2. Under the Client secrets heading click on Generate a new client secret

  1. Review the warning on the next screen and if you wish to proceed click on Generate Secret
  1. Specify a name and set when you would like the secret to expire - if this is the new long term secret you can leave this as Do not change and then click Update secret
  1. Back on the Credentials page, select the cog icon to the right of the old secret. If you want this to expire immediately you can select Stop accepting now and click Update secret