Support multiple client secrets for better client secret rotation and usage
We would like to request a new feature to allow multiple client secrets to be active at the same time for each client. Preferably, each client secret should have a name / description and an expiration set for each secret.
This implementation already exists in AzureAD.
- One of our security requirements is to regularly rotate client secrets. The current implementation carries operational risk because the old client secret stops working immediately, and the gap while updating the secret will cause issues. Having multiple client secrets with expiry ensures sufficient time to issue a new client secret and update it.
- This implementation also allows us to issue client secrets to developers for local or troubleshooting use cases without compromising the actual client secret used in deployed environments.
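
The behaviour requested above, as an added Python example (not this project's code or Azure AD's): a hypothetical `ClientSecretStore` keeps several named, expiring secrets per client, so a replacement can be issued before the old secret lapses and a developer secret can be revoked on its own. The class, its method names, and the PBKDF2 storage choice are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class ClientSecret:
    name: str             # label such as "prod-new" or "dev-local" (constructed)
    salt: bytes
    digest: bytes         # only a salted hash is stored, never the plaintext
    expires_at: datetime


def _digest(salt: bytes, secret: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class ClientSecretStore:
    """Hypothetical store holding several active secrets per client."""

    def __init__(self) -> None:
        self._by_client: Dict[str, List[ClientSecret]] = {}

    def issue(self, client_id: str, name: str, ttl: timedelta, now: datetime) -> str:
        plaintext = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        entry = ClientSecret(name, salt, _digest(salt, plaintext), now + ttl)
        self._by_client.setdefault(client_id, []).append(entry)
        return plaintext  # handed to the caller once, not retrievable later

    def revoke(self, client_id: str, name: str) -> None:
        kept = [s for s in self._by_client.get(client_id, []) if s.name != name]
        self._by_client[client_id] = kept

    def verify(self, client_id: str, presented: str, now: datetime) -> Optional[str]:
        """Return the name of the matching unexpired secret, else None."""
        matched = None
        for s in self._by_client.get(client_id, []):
            # Constant-time compare; every stored secret is checked each call.
            same = hmac.compare_digest(s.digest, _digest(s.salt, presented))
            if same and now < s.expires_at:
                matched = s.name  # the name can be written to the audit log
        return matched
```

Because `verify` returns the secret's name, authentication logs can show whether a request used the deployed secret or one issued to a developer.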