When registering an application in Auth0, it seems only a single client secret can be associated with the registered app. That makes secret rotation tricky.
I see there is a feature to rotate secrets but it immediately invalidates the old secret. This makes it difficult for our app owners to rotate secrets with no downtime. Asking app owners to use two secrets in their code seems like an inelegant solution. Instead I’d rather keep the old secret alive for an arbitrary amount of time. I know competing systems like Azure App Registration supports multiple active secrets. Is there an equivalent here?