How to handle Enterprise connection client secret expiration?

Microsoft Azure client secret has an associated expiration date. How do you go about handling the expiration to avoid service disruption? Remember that the said IDP is controlled by our customer and not by us. Thanks

Hi @jquerijero :wave:

There is a relevant to your question feature request - Support multiple client secret for better client secret rotation and usage - #20. Unfortunately, it won’t appear implemented this year :frowning:

For the time being, a workaround for app credentials rotation with zero downtime is to use Private Key JWT, where requests are signed with a private key by the app and Auth0 validates that with the corresponding public key, as registered for the App.

You may also find this Knowladge Article relevant: Rotating Client Application Secret without Downtime

Please take a look and let us know your questions.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.