Rotating my client secret and base64 encode

Hello, I currently have 2 Auth0 environments where 1 has a client secret that’s base64 encoded while the other does not.
If I rotate my secret in the environment that has the base64 encoded one - will the new secret be without base64 encoding?
The docs say nothing about this.

Hello @mchristensen,

Welcome to the Community!

I’ve not noticed this before. I just went through a bunch of my tenants & apps and none of the secrets are base64 encoded. Curious that the dashboard explicitly states “The Client Secret is not base64 encoded.” Do your apps in question have that same line?

Maybe try saving the current secret and then rotating it? You can manually edit the secret so you can restore the old one if needed.

I tried putting a base64 encoded value into the secret for a test app … nothing happened and the dashboard still says “The Client Secret is not base64 encoded.”

Hi Markd,
Thanks for the suggestion, I didn’t realize you can manually edit the secret, so you’ve definitely given me a protip there. I’ll be giving this a try within the following weeks. 🙂
Oh, and here you go:
I think it’s because the app is old, and back in the day they Base64 Encoded the secret. My other environment looks like yours.

That’s pretty interesting (well, to me anyway!)

I wonder why they changed to non-encoded secrets? My oldest apps / tenants are from late 2016 / early 2017 but I haven’t found any with encoded secrets. Not that it matters … I’m just curious!


Hi Markd,
We’ve now rotated our PROD environment secret, and the result was:
when rotating a base64 encoded secret, it does indeed lose the base64 encoding.
This means we now have our environments in exactly the same states, which is awesome!

Thanks for the tip with copying the old key before rotating, as it minimized the risk! 🙂

Regards, mchristensen


Thanks a lot for sharing, glad you have it working now!
