Application showing a duplicated client_id and client_secret after copying tenant with auth0-deploy-cli

I used the auth0-deploy-cli tool to export one tenant and import it into a brand-new tenant for use with a staging environment. When I was adjusting the client_id and client_secret values of the new applications to match the new values in the new tenant, I noticed that one of my applications had the exact same client_id and client_secret as the corresponding application that I had exported from, as if it had also duplicated the client_id and client_secret of the original application. I thought this was weird, and quadruple-checked that I was on the correct tenant (I was), and switched tenants back and forth a few times to verify that the client_id and client_secret were the same (they were). I chalked it up to a weird bug in auth0-deploy-cli, and used the displayed values in the Auth0 dashboard as the client_id and client_secret for the new application.

However, when I actually tried to run the application, it wasn’t able to get a token using the client_id and client_secret, getting a 401 Unauthorized. I verified the token endpoint was the new tenant (it was), and the client_id and client_secret matched the values listed for the application in the new tenant. This time, however, the client_id and client_secret were different, and now showed unique values. When I used these new values to make a token request, it succeeded.

I know this is a weird bug, but something definitely went wrong. I’m fairly strongly confident it wasn’t a user error, since I did notice it was strange that the client_id and client_secret were duplicated, and I verified multiple times that I was using the correct tenant. The best I can figure is that the client_id and client_secret were somehow cached and erroneously displayed.

Side note: I can’t choose the “bug” tag on the forum, for some reason.

Hey @nick.silvestri,

Thanks for reporting this.

Do you have some steps to reproduce the issue? It’s a bit hard to grasp without screenshots, code snippets, etc.

A sample config or Deploy CLI payload would also be really helpful.

Just to confirm, you were seeing the same Client ID/Client Secret across two tenants after you updated one with the Deploy CLI, but this was only in the Dashboard UI and the credentials would not work when you tried to use them to retrieve a token?

We are moving to a more rigid tagging system. Feel free to add a tag with your best effort, and an engineer on our team will re-tag if needed. Thanks.
