I used the auth0-deploy-cli tool to export one tenant and import it into a brand-new tenant for use with a staging environment. When I was adjusting the client_id and client_secret values of the new applications to match the new values in the new tenant, I noticed that one of my applications had the exact same client_id and client_secret of the corresponding application that I had exported from, as if it also had duplicated the client_id and client_secret of the original application. I thought this was weird, and quadruple-checked that I was on the correct tenant (I was), and switched tenants back and forth a few times to verify that the client_id and client_secret were the same (they were). I chalked it up to a weird bug in auth0-deploy-cli, and used the displayed values in the Auth0 dashboard as the client_id and client_secret for the new application.
However, when I actually tried to run the application, it wasn’t able to get a token using the client_id and client_secret, getting a 401 Unauthorized. I verified the token endpoint was the new tenant (it was), and the client_id and client_secret matched the values listed for the application in the new tenant. This time, however, the client_id and client_secret were different, and now showed unique values. When I used these new values to make a token request, it succeeded.
I know this is a weird bug, but something definitely went wrong. I’m fairly strongly confident it wasn’t a user-error, since I did notice it was strange that the client_id and client_secret were duplicated, and I verified multiple times that I was using the correct tenant. The best I can figure is that the client_id and client_secret were somehow cached and erroneously displayed.
Side note: I can’t choose the “bug” tag on the forum, for some reason.