Rotate Client Secrets

Rotate Client Secrets

Client secret rotation is essential to maintaining application security, ensuring that old secrets are no longer valid, and minimizing risks associated with leaked credentials. In Login 3.0, client secret management, including rotation, is handled by the UPBOND team upon request.

Steps to Rotate Client Secrets

  1. Contact the UPBOND Team:

    Provide the following details:

    • Application name or Client ID.

    • Request for client secret rotation or custom secret setup.

    • Any additional requirements for the secret (e.g., expiration policies or specific values).

  2. Secret Rotation by UPBOND:

    The UPBOND team will:

    • Rotate the client secret to generate a new value.

    • Share the new client secret securely with you.

    • Ensure the previous secret is valid temporarily during the transition period to avoid downtime.

  3. Update Authorized Applications:

    • Update all dependent applications or services with the new client secret.

    • Test the applications to ensure they authenticate successfully using the updated secret.

  4. Deactivate Old Secret:

    After verifying that all systems are updated, the UPBOND team will disable and remove the old secret to maintain security.

Best Practices for Client Secret Rotation

  • Avoid Public Storage:

    Never store client secrets in public applications or repositories. For public applications, use secure OAuth flows like Authorization Code Flow with PKCE.

  • Plan for Transition:

    Configure your applications to support a fallback mechanism where both old and new secrets can be used during the transition period. Remove the old secret after successful rotation.

  • Secure Communication:

    Ensure the new secret is securely distributed to all authorized applications or services.

  • Regular Rotation:

    Schedule regular client secret rotations as part of your security and compliance policies.

Custom Client Secrets

If you need to set a custom client secret instead of using an automatically generated one, notify the UPBOND team. Provide the desired secret value securely, and the team will configure it for your application.

Benefits of Client Secret Rotation

  • Enhanced Security:

    Mitigates risks associated with secret leaks by limiting the validity period of old secrets.

  • Compliance:

    Helps meet industry standards and regulatory requirements for key management.

  • Reduced Downtime:

    By enabling dual-secret use temporarily, client secret rotation can be performed without interrupting application functionality.

PreviousRotate CredentialsNextConfigure Applications with OIDC Discovery

Last updated

Was this helpful?