Support multiple client secrets for better client secret rotation and usage

Hey there!

So that’s the update from our product team on that front.

This feature request makes full sense and it is on our radar of roadmap candidates.
The good news is that we already offer an alternative for app credentials rotation with zero downtime. Enterprise customers can use Private Key JWT, where requests are signed with a private key by the app and Auth0 validates that with the corresponding public key, as registered for the App. This feature is in Early Access and will be in GA by mid-April.

I’m gonna mark it as a temporary solution but obviously that doesn’t stop here.

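The flow described in the reply above (the app signs with a private key, the server validates with the registered public key), as an added example that is not Auth0's code and not part of the original post. It assumes RS256, a registry of public keys indexed by `kid` that can hold two keys at once during rotation, and placeholder client id, audience and key ids.

```javascript
// Added example: Private Key JWT client assertion with key rotation; all names and values are constructed.
const crypto = require("node:crypto");
const CLIENT_ID = "example-client-id";       // placeholder
const AUDIENCE = "https://tenant.example/";  // placeholder
const b64u = (s) => Buffer.from(s).toString("base64url");
const newKey = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// App side: sign a short-lived assertion with the private key; no shared secret leaves the app.
function signAssertion(privateKey, kid, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: "RS256", typ: "JWT", kid };
  const claims = { iss: CLIENT_ID, sub: CLIENT_ID, aud: AUDIENCE,
                   iat: now, exp: now + 60, jti: crypto.randomUUID() };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url")}`;
}

// Server side: pick the registered public key by kid, then check signature and claims.
function verifyAssertion(jwt, registeredKeys, seenJti, now = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return "malformed";
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url"));
    claims = JSON.parse(Buffer.from(parts[1], "base64url"));
  } catch { return "malformed"; }
  if (header?.alg !== "RS256") return "bad_alg";  // pin the algorithm, never trust the header
  const publicKey = registeredKeys.get(header.kid);
  if (!publicKey) return "unknown_kid";
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${parts[0]}.${parts[1]}`),
                           publicKey, Buffer.from(parts[2], "base64url"));
  if (!ok) return "bad_signature";
  if (claims?.iss !== CLIENT_ID || claims.sub !== CLIENT_ID) return "bad_client";
  if (claims.aud !== AUDIENCE) return "bad_audience";
  if (typeof claims.exp !== "number" || claims.exp <= now) return "expired";
  if (seenJti.has(claims.jti)) return "replayed";
  seenJti.add(claims.jti);
  return "ok";
}

// Rotation: both public keys are registered during the overlap, then the old one is removed.
function rotationDemo() {
  const oldKey = newKey(), nextKey = newKey(), seen = new Set();
  const registered = new Map([["key-1", oldKey.publicKey], ["key-2", nextKey.publicKey]]);
  const results = [verifyAssertion(signAssertion(oldKey.privateKey, "key-1"), registered, seen),
                   verifyAssertion(signAssertion(nextKey.privateKey, "key-2"), registered, seen)];
  registered.delete("key-1");  // overlap window ends; old key is retired
  results.push(verifyAssertion(signAssertion(oldKey.privateKey, "key-1"), registered, seen));
  return results;
}
```

`rotationDemo()` returns the verification result for the old key during the overlap, the new key during the overlap, and the old key after it has been retired.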