Client Secret Rotation for M2M Applications in Auth0

Hello Community,

We’ve registered an M2M application in Auth0 for our B2B customers. Following registration, a Client ID and Client Secret were generated.

Since our customer owns this Client Secret, they need a way to rotate it in accordance with their security policy. We’d like to enable our client to rotate the Client Secret only, without any capability to add, remove, or view users.

I considered using the Delegated Administration Extension for this, but it appears not to support M2M applications.

Could anyone advise on the best approach to enable client-controlled secret rotation?

Thank you in advance!

Regards
Vipul

Hi @vipul.harish.mistry,

Welcome to the Auth0 Community!
Apologies for the late reply. Client Secret rotation is possible for M2M apps by opening the application on your Auth0 dashboard, scrolling to the bottom and clicking on "Rotate secret". This can also be done through the Management API instead of the Auth0 Dashboard. You can find more information in this documentation.

Moreover, if setting a custom Client Secret is required, this can also be accomplished through the Management API.

Thank you!
Gerald
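As an added example (not code from this thread or from Auth0), here is the least-privilege shape of what the question asks for: a small backend wrapper that calls the Management API endpoint `POST /api/v2/clients/{id}/rotate-secret` with a token scoped only to `update:client_keys`, and lets a customer rotate only the client_id they own. The tenant domain, the customer-to-client mapping and the client_id are placeholders I made up; the `post` parameter exists so the call can be exercised offline.

```python
import json
import urllib.request

# Placeholder tenant domain; replace with your own Auth0 domain.
AUTH0_DOMAIN = "your-tenant.example.auth0.com"

# Which Auth0 client_id(s) each B2B customer is allowed to rotate.
# Constructed mapping for this example; in practice this comes from your own database.
CUSTOMER_CLIENTS = {
    "acme": {"AbC123exampleClientId"},
}


class RotationError(Exception):
    pass


def can_rotate(customer, client_id):
    """True only if this customer owns the given client_id."""
    return client_id in CUSTOMER_CLIENTS.get(customer, set())


def _default_post(url, token):
    """POST an empty body to the Management API and return the parsed JSON."""
    req = urllib.request.Request(url, method="POST", data=b"")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def rotate_client_secret(customer, client_id, mgmt_token, post=_default_post):
    """Rotate an M2M client's secret on behalf of a customer.

    mgmt_token should be a Management API access token carrying only the
    update:client_keys scope, which is all the rotate-secret endpoint needs,
    so the wrapper cannot be abused to read or change users.
    """
    if not can_rotate(customer, client_id):
        raise RotationError("customer does not own this client_id")
    url = f"https://{AUTH0_DOMAIN}/api/v2/clients/{client_id}/rotate-secret"
    body = post(url, mgmt_token)
    # The endpoint returns the client object; hand back only the new secret.
    secret = body.get("client_secret")
    if not secret:
        raise RotationError("no client_secret in Management API response")
    return secret


if __name__ == "__main__":
    import os, sys
    # Usage: MGMT_TOKEN=... python rotate.py acme AbC123exampleClientId
    print(rotate_client_secret(sys.argv[1], sys.argv[2], os.environ["MGMT_TOKEN"]))
```

Expose `rotate_client_secret` behind your own customer-authenticated endpoint and never hand the Management API token itself to the customer.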