We need roll out a new client secret for a connected app. From developer portal, it seems I can simply reset the client secret. However, I wonder what will happen if a new client secret is issued. Will exiting access tokens be revoked? We may take a few days to deploy the new client secret. Is there any way to avoid service interruption?
Thanks,
Alex
You are correct. Once you reset - the older secret becomes invalid. However, the last token retrieved will still work until it expires (the refresh token will not)...
Thank you Alex! What is the lifetime for the access token? I am glad to know resetting app secret will not revoke existing access tokens. But if a token expired, it might not be renewed if new secret is not fully deployed in prod.
https://developer.box.com/guides/authentication/tokens/
Above describes the various tokens and their time expirations.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
