Rotating the client secret for an application
For security reasons, you should change an application’s client secret on a regular basis. If you think the client secret might have been compromised, you should change it immediately.
After you update a client secret in PingOne, you must ensure that all applications that use the secret are updated. You can retain the previous client secret to give application owners time to update the secret without causing sign-on errors for their users. Use the PingOne admin console or the PingOne API to change a client secret.
Client secrets apply only to OIDC-based applications. |
For more information, see:
-
To use the PingOne API to rotate a client secret, see Application secret in the PingOne Platform API Reference.