Client_Secret is stored in clear text

Is there any reason why client_secret is stored in clear text by Auth0? Even though it's only revealed on demand, it means that if there is a leak, Auth0 will expose these client_secrets?


@kuryaki,

Welcome to the Auth0 Community Forum!

The client secret is needed to configure your applications, and as such must be accessible by the Auth0 account admin.

This doc contains some info about client secrets and how to rotate them in case they are compromised.

Does that make sense?

Thanks,
Dan
