How-tos

2 mins read

Client Secrets Management

Learn how Cloudentity allows you to manage your clients secrets. Find out what client secrets are and how the management of secrets can affect your system security.

Client Secret Rotation

With Cloudentity you can rotate client secrets by using one of the following ways:

Remember

Rotating and revoking client secrets is permanent and it cannot be undone.

Rotate Client Secrets Using API

Prerequisites

Use Cloudentity API to Rotate Secret

  1. In your terminal, enter the request to the rotate client secret endpoint with the parameters and the headers properly configured. Execute it.

    curl --location --request POST 'https://{tid}.authz.cloudentity.io/api/admin/{tid}/clients/{cid}/rotateSecret' \
     --header "Authorization: Bearer $AT"
    

    Tip

    The {tid} parameter is for your tenant identifier. You can find it right at the beginning of your Cloudentity URL.

    The {cid} parameter is for your client application identifier. You can find it in your application settings.

    Replace the $AT environment variable with your access token.

    Result

    As the result of your request:

    1. A new secret is generated for your application.

    2. Previous secret is moved to the rotated client secrets list. If there is an already rotated client secret stored in the list, it is revoked.

    3. New secret is added to your application.

    4. You receive the new secret as the response in the terminal.

Updated: Jun 20, 2023