Revoking a client secret for an application
When you generate a new client secret for an OIDC-based application that has an existing client secret, you have the option to retain the previous secret for a certain period of time. If you no longer need the previous secret before it is set to expire, you can revoke it manually from the application’s configuration tab.
About this task
Client secrets apply only to OIDC-based applications.
For security purposes, revoke the previous client secret as soon as you know it is no longer needed.
Steps
- Go to Applications → Applications and browse or search for the application for which you want to revoke the client secret.
- Click the application entry to open the details panel.
- Click the Configuration tab, and locate the Previous Client Secret section.
  If the previous client secret already expired or was not retained, this section does not appear.
- Click Revoke Previous Client Secret.
  This action cannot be undone.
- In the confirmation message, select I understand and would like to continue. Click Confirm.
Result
The previous secret is revoked. Users must have the new client secret to access the application.