Restrict ability to redownload client secrets

Feature: Provide a short title of your feature request/feedback.

Current admin portal allows people with access to redownload copies of an M2M account (and maybe others) after the account is configured. Many systems block this ability without forcing a new credential. Allowing repeat credential download is a security risk for insider threats.

Description: Give us some details about your feedback/feature request. Examples, screenshots, videos, etc. are helpful.

Restrict access to token / client secret to only on creation. Force rotation of credential on needing to update token.

Whilst this has the risk of causing a system outage the result is clear that someone attempted to access the token or secret. Currently it is too easy to have another person gain access to the credential and to misuse the secret.

Use-case: Tell us what you are building. How would the feedback/feature improve your experience?

M2M application deployment

Thanks for the feedback @edwardnewman ! Don’t forget to go ahead and upvote this yourself :slight_smile: