Rotate Client Secret
You can change an app's client secret using Auth0's Dashboard or the Management API. When you rotate a client secret, you must update any authorized apps with the new value.
Dashboard
Go to Auth0 Dashboard > Applications > Applications, and select the name of the application to view.
Scroll to the bottom of the Settings page, locate the Danger Zone, select Rotate, and confirm.
View your new secret by scrolling to the top of the Settings page, locating Client Secret, and selecting its eye icon.
Update authorized applications with the new value.
Management API
Make a POST call to the Rotate a Client Secret endpoint. Be sure to replace the YOUR_CLIENT_ID and MGMT_API_ACCESS_TOKEN placeholder values with your client ID and Management API access token, respectively.
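# Rotate the client secret of one application through the Management API.
# Replace YOUR_DOMAIN, YOUR_CLIENT_ID and MGMT_API_ACCESS_TOKEN before running.
#
# --fail makes curl exit non-zero when the server answers with an HTTP error
# status, so a wrapping script does not carry on as if the rotation had
# succeeded.
#
# A token typed inline ends up in shell history and is visible in the process
# list while curl runs. The response is expected to carry the new client
# secret, so avoid redirecting it into shared logs.
curl --request POST \
  --fail \
  --url 'https://YOUR_DOMAIN/api/v2/clients/YOUR_CLIENT_ID/rotate-secret' \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN'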
// Rotate the client secret by POSTing to the Management API (RestSharp).
// Replace YOUR_DOMAIN, YOUR_CLIENT_ID and MGMT_API_ACCESS_TOKEN first.
var rotateClient = new RestClient("https://YOUR_DOMAIN/api/v2/clients/YOUR_CLIENT_ID/rotate-secret");

var rotateRequest = new RestRequest(Method.POST);
// The Management API access token is sent as a bearer credential.
rotateRequest.AddHeader("authorization", "Bearer MGMT_API_ACCESS_TOKEN");

// NOTE(review): the status of `response` is not inspected here; confirm the
// call succeeded before handing the new secret to dependent applications, and
// treat the response content as sensitive.
IRestResponse response = rotateClient.Execute(rotateRequest);
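package main

import (
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
)

// rotateSecret POSTs to the rotate-secret endpoint and prints the response.
//
// It returns an error when the request cannot be built or sent, when the body
// cannot be read, or when the server answers with a non-2xx status. The
// original snippet discarded every error, so a failed request left res nil
// and the deferred res.Body.Close() would panic.
func rotateSecret() error {
	url := "https://YOUR_DOMAIN/api/v2/clients/YOUR_CLIENT_ID/rotate-secret"

	req, err := http.NewRequest("POST", url, nil)
	if err != nil {
		return fmt.Errorf("building request: %w", err)
	}
	// The Management API access token is sent as a bearer credential.
	req.Header.Add("authorization", "Bearer MGMT_API_ACCESS_TOKEN")

	res, err := http.DefaultClient.Do(req)
	if err != nil {
		return fmt.Errorf("sending request: %w", err)
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		return fmt.Errorf("reading response: %w", err)
	}

	// The body is expected to carry the new client secret; keep this output
	// away from shared logs.
	fmt.Println(res)
	fmt.Println(string(body))

	// An expired or under-scoped token shows up as an error status, not as a
	// transport error, so it has to be checked separately.
	if res.StatusCode < 200 || res.StatusCode > 299 {
		return fmt.Errorf("rotate-secret returned %s", res.Status)
	}
	return nil
}

// main runs the rotation and exits non-zero when it fails.
func main() {
	if err := rotateSecret(); err != nil {
		log.Fatal(err)
	}
}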
// Rotate the client secret by POSTing to the Management API (Unirest).
// Replace YOUR_DOMAIN, YOUR_CLIENT_ID and MGMT_API_ACCESS_TOKEN first.
final String rotateSecretUrl = "https://YOUR_DOMAIN/api/v2/clients/YOUR_CLIENT_ID/rotate-secret";
// The Management API access token is sent as a bearer credential.
final String bearerCredential = "Bearer MGMT_API_ACCESS_TOKEN";

// NOTE(review): the response status is not checked here, and the body is
// expected to carry the new client secret, so handle it as sensitive data.
HttpResponse<String> response = Unirest.post(rotateSecretUrl)
    .header("authorization", bearerCredential)
    .asString();
// Rotate the client secret by POSTing to the Management API (axios).
// Replace YOUR_DOMAIN, YOUR_CLIENT_ID and MGMT_API_ACCESS_TOKEN first.
const axios = require("axios").default;

const rotateSecretRequest = {
  method: 'POST',
  url: 'https://YOUR_DOMAIN/api/v2/clients/YOUR_CLIENT_ID/rotate-secret',
  // The Management API access token is sent as a bearer credential.
  headers: { authorization: 'Bearer MGMT_API_ACCESS_TOKEN' },
};

axios
  .request(rotateSecretRequest)
  .then((response) => {
    // response.data is expected to carry the new client secret; this line
    // writes it to stdout, so keep that stream out of shared logs.
    console.log(response.data);
  })
  .catch((error) => {
    // NOTE(review): axios error objects usually include the request config,
    // so this may print the authorization header as well; confirm before
    // shipping this to a logged environment.
    console.error(error);
  });
#import <Foundation/Foundation.h>

// Rotate the client secret by POSTing to the Management API.
// Replace YOUR_DOMAIN, YOUR_CLIENT_ID and MGMT_API_ACCESS_TOKEN first.
NSURL *rotateURL =
    [NSURL URLWithString:@"https://YOUR_DOMAIN/api/v2/clients/YOUR_CLIENT_ID/rotate-secret"];
NSMutableURLRequest *request =
    [NSMutableURLRequest requestWithURL:rotateURL
                            cachePolicy:NSURLRequestUseProtocolCachePolicy
                        timeoutInterval:10.0];
request.HTTPMethod = @"POST";
// The Management API access token is sent as a bearer credential.
request.allHTTPHeaderFields = @{ @"authorization": @"Bearer MGMT_API_ACCESS_TOKEN" };

NSURLSessionDataTask *dataTask =
    [[NSURLSession sharedSession] dataTaskWithRequest:request
                                    completionHandler:^(NSData *data,
                                                        NSURLResponse *response,
                                                        NSError *error) {
        if (error) {
            NSLog(@"%@", error);
            return;
        }
        // Only the response object is logged; `data` (the body) is not read
        // here, and the status code is not checked.
        NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)response;
        NSLog(@"%@", httpResponse);
    }];
// Tasks are created suspended; resume starts the request.
[dataTask resume];
// Rotate the client secret by POSTing to the Management API (PHP cURL).
// Replace YOUR_DOMAIN, YOUR_CLIENT_ID and MGMT_API_ACCESS_TOKEN first.
$handle = curl_init();

$options = [
    CURLOPT_URL => "https://YOUR_DOMAIN/api/v2/clients/YOUR_CLIENT_ID/rotate-secret",
    // Return the body from curl_exec() instead of printing it directly.
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    // The Management API access token is sent as a bearer credential.
    CURLOPT_HTTPHEADER => [
        "authorization: Bearer MGMT_API_ACCESS_TOKEN"
    ],
];
curl_setopt_array($handle, $options);

$response = curl_exec($handle);
$transportError = curl_error($handle);
curl_close($handle);

if (!$transportError) {
    // The body is expected to carry the new client secret; this echoes it
    // verbatim, so do not run it where output is captured in shared logs.
    echo $response;
} else {
    echo "cURL Error #:" . $transportError;
}
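import http.client

# Rotate the client secret by POSTing to the Management API.
# Replace YOUR_DOMAIN, YOUR_CLIENT_ID and MGMT_API_ACCESS_TOKEN first.
#
# The connection host must be the tenant domain on its own and the request
# path must start at /api/v2. The original snippet passed an empty host and
# put the domain into the path, so the request never reached the tenant.
conn = http.client.HTTPSConnection("YOUR_DOMAIN")

# The Management API access token is sent as a bearer credential.
headers = { 'authorization': "Bearer MGMT_API_ACCESS_TOKEN" }

try:
    conn.request("POST", "/api/v2/clients/YOUR_CLIENT_ID/rotate-secret", headers=headers)

    res = conn.getresponse()
    data = res.read()
finally:
    # Release the socket even when the request or the read fails.
    conn.close()

# The body is expected to carry the new client secret; keep this output away
# from shared logs.
print(data.decode("utf-8"))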
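require 'uri'
require 'net/http'
require 'openssl'

# Rotate the client secret by POSTing to the Management API.
# Replace YOUR_DOMAIN, YOUR_CLIENT_ID and MGMT_API_ACCESS_TOKEN first.
url = URI("https://YOUR_DOMAIN/api/v2/clients/YOUR_CLIENT_ID/rotate-secret")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. The original snippet set VERIFY_NONE, which
# accepts any certificate: the request carries a Management API token and the
# response carries the new client secret, so both would be exposed to anyone
# able to intercept the connection.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
# The Management API access token is sent as a bearer credential.
request["authorization"] = 'Bearer MGMT_API_ACCESS_TOKEN'

response = http.request(request)
# The body is expected to carry the new client secret; keep this output away
# from shared logs.
puts response.read_body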
import Foundation

// Rotate the client secret by POSTing to the Management API.
// Replace YOUR_DOMAIN, YOUR_CLIENT_ID and MGMT_API_ACCESS_TOKEN first.
let rotateURL = NSURL(string: "https://YOUR_DOMAIN/api/v2/clients/YOUR_CLIENT_ID/rotate-secret")! as URL

let request = NSMutableURLRequest(url: rotateURL,
                                  cachePolicy: .useProtocolCachePolicy,
                                  timeoutInterval: 10.0)
request.httpMethod = "POST"
// The Management API access token is sent as a bearer credential.
request.allHTTPHeaderFields = ["authorization": "Bearer MGMT_API_ACCESS_TOKEN"]

let dataTask = URLSession.shared.dataTask(with: request as URLRequest) { data, response, error in
    guard error == nil else {
        print(error)
        return
    }
    // Only the response object is printed; `data` (the body) is not read
    // here, and the status code is not checked.
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
}

// Tasks are created suspended; resume() starts the request.
dataTask.resume()
| Value | Description |
| --- | --- |
| YOUR_CLIENT_ID | The ID of the application to be updated. |
| MGMT_API_ACCESS_TOKEN | Access Tokens for the Management API with the scope update:client_keys. |

Update authorized applications with the new value.