jazzband / django-oauth-toolkit

OAuth2 goodies for the Djangonauts!
https://django-oauth-toolkit.readthedocs.io

feat: Multiple Client Secrets per Application #1507

Open dopry opened 2 days ago

dopry commented 2 days ago

Use case

As an application owner I would like to deploy a new client secret, update each of my deployments in turn, and finally remove the old one so that I do not cause downtime for my applications.

Proposal

Add a client secret model with a 1-to-many relationship to the Application model so that applications can have multiple client secrets. A user should never be able to delete all the client secrets; there should always be at least one.

@n2ygk I would love your thoughts on this.
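
The rotation flow and the at-least-one rule proposed above, as an added Python example that is not part of the original post and is not django-oauth-toolkit code. The `Application` class, `LastSecretError`, `rotate_demo` and the PBKDF2 hashing are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

class LastSecretError(Exception):
    """Removal would leave the application with no client secret."""

def _digest(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class Application:
    """Hypothetical in-memory stand-in for the Application model; PBKDF2 is an assumed hasher."""

    def __init__(self):
        self._secrets = {}  # secret_id -> (salt, digest); plaintext is never stored

    def add_secret(self):
        """Create a secret and return (secret_id, plaintext); plaintext is shown once."""
        secret_id, plaintext, salt = secrets.token_hex(8), secrets.token_urlsafe(32), os.urandom(16)
        self._secrets[secret_id] = (salt, _digest(plaintext, salt))
        return secret_id, plaintext

    def remove_secret(self, secret_id):
        """Remove one secret, enforcing the 'always at least one' rule."""
        if secret_id in self._secrets and len(self._secrets) == 1:
            raise LastSecretError("an application must keep at least one client secret")
        del self._secrets[secret_id]  # KeyError for an unknown secret_id

    def verify(self, presented):
        """True if `presented` matches any current secret (no early exit, constant-time compare)."""
        ok = False
        for salt, digest in self._secrets.values():
            ok |= hmac.compare_digest(_digest(presented, salt), digest)
        return ok

def rotate_demo():
    """Walk the rotation from the use case and return what each step observed."""
    app = Application()
    old_id, old = app.add_secret()
    new_id, new = app.add_secret()  # 1. deploy a new secret alongside the old one
    during = (app.verify(old), app.verify(new))  # 2. both work while deployments update
    app.remove_secret(old_id)  # 3. retire the old secret
    after = (app.verify(old), app.verify(new))
    try:
        app.remove_secret(new_id)  # deleting the last remaining secret must fail
    except LastSecretError:
        return during, after, True
    return during, after, False
```

With a database-backed model, the count check and the delete need to run in one transaction with the application's secret rows locked; otherwise two concurrent removals can each see two secrets and together delete both.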

n2ygk commented 2 days ago

Sounds like a cool idea. Conceptually analogous to rotating out refresh tokens.