A Microsoft Azure client secret has an associated expiration date. How do you go about handling the expiration to avoid service disruption? Remember that the said IDP is controlled by our customer and not by us. Thanks.
Hi @jquerijero
There is a feature request relevant to your question: Support multiple client secret for better client secret rotation and usage - #20. Unfortunately, it appears it won't be implemented this year.
For the time being, a workaround for app credentials rotation with zero downtime is to use Private Key JWT, where requests are signed with a private key by the app and Auth0 validates that with the corresponding public key, as registered for the App.
You may also find this Knowledge Article relevant: Rotating Client Application Secret without Downtime
Please take a look and let us know your questions.
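The Private Key JWT workaround mentioned in the reply above, shown as an added example that is not part of the original thread and is not Auth0's code: the app signs a short-lived client assertion (RFC 7523 style, RS256) and a simplified stand-in for the server verifies it against the public keys registered for the app. It assumes the server accepts more than one registered key at a time, which is what makes the overlap window possible; `AUDIENCE`, `CLIENT_ID` and the `kid` values are constructed placeholders.

```javascript
// Added example, not Auth0's code. Tenant URL, client_id and kid values are constructed.
const crypto = require('node:crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const AUDIENCE = 'https://tenant.example.com/';
const CLIENT_ID = 'example-client-id';

// App side: sign a short-lived assertion with the private key; `kid` names the key used.
function buildAssertion(privateKey, kid, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const claims = { iss: CLIENT_ID, sub: CLIENT_ID, aud: AUDIENCE,
                   iat: now, exp: now + 60, jti: crypto.randomUUID() };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Server side (simplified stand-in): look up the registered public key by kid,
// then verify the signature and the claims. jti replay tracking is omitted here.
function verifyAssertion(jwt, registeredKeys, now = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return false;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch { return false; }
  const publicKey = registeredKeys.get(header.kid);
  if (header.alg !== 'RS256' || !publicKey) return false; // pin alg, reject unknown keys
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
                           publicKey, Buffer.from(parts[2], 'base64url'));
  return ok && claims.iss === CLIENT_ID && claims.sub === CLIENT_ID &&
         claims.aud === AUDIENCE && claims.exp > now;
}

// Rotation: register the new public key before retiring the old one.
function rotationDemo() {
  const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const oldKey = gen(), newKey = gen();
  const registered = new Map([['key-old', oldKey.publicKey]]);
  const r = { before: verifyAssertion(buildAssertion(oldKey.privateKey, 'key-old'), registered) };
  registered.set('key-new', newKey.publicKey);            // overlap window: both accepted
  r.overlapOld = verifyAssertion(buildAssertion(oldKey.privateKey, 'key-old'), registered);
  r.overlapNew = verifyAssertion(buildAssertion(newKey.privateKey, 'key-new'), registered);
  registered.delete('key-old');                           // old key retired
  r.afterOld = verifyAssertion(buildAssertion(oldKey.privateKey, 'key-old'), registered);
  r.afterNew = verifyAssertion(buildAssertion(newKey.privateKey, 'key-new'), registered);
  return r;
}
```

No shared secret ever leaves the app in this flow, so rotation is a matter of registering the new public key, switching the signer, and then removing the old key.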