Client secret Rotation

Question

We are working on a security exercise related to secret rotation in our product for Box. Based on Box documentation, creation of multiple active secrets against a client id is not supported. Only option here is to create a new refresh token and swap it with older refresh token. But considering our use case this will introduce downtime for users.
Wanted to know if there is an option to create more than 1 secret for a single client id. Or is there a plan to support similar feature in Box in near future.

community-manager · Answer

Hi there,Welcome to Box Community and glad to help!Looks like you have a designated team that communicates with Box directly.At this rate, please reach out to your internal helpdesk team to contact Premier Services.Thanks for posting!

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded