Easily Manage Client Secrets for Azure DevOps OAuth Applications

You can now regenerate client secrets yourself, as required, for applications built on the Azure DevOps OAuth platform. Maintaining a valid and active client secret is crucial for obtaining a refresh token, ensuring uninterrupted usage of your application. Once the secret expires, the app can no longer obtain the access and refresh tokens it needs to call Azure DevOps APIs.

Why is this significant?

Traditionally, client secrets expired five years after the initial creation of the app. This new feature empowers users to proactively address app expiration by replacing soon-to-expire client secrets before they cause unexpected service disruptions. Additionally, in cases where a client secret has been compromised, app owners are urged to promptly revoke the existing secret and generate a new one to mitigate unauthorized usage of their application.

Previously, app owners had to engage Azure DevOps customer support to renew their client secrets for another five years. This is no longer necessary, as app owners now have the autonomy to renew their client secrets at their convenience. This flexibility enables them to update the client secret more frequently than the default five-year interval, aligning with their company's compliance requirements.

How to regenerate the client secret?

You can regenerate a client secret from the application page on your profile, which now shows a "Regenerate Secret" button and the secret's expiration date. Generating a new client secret expires the previous one, along with any access tokens previously issued for the app. Plan for any necessary downtime while transitioning to the new secret.


What about new OAuth apps?

This functionality is specific to Azure DevOps OAuth apps and does not apply to Entra OAuth apps created via the Microsoft Identity platform. We recommend that all new applications consider using the Entra OAuth app platform, which receives regular updates with new functional and security features. Existing Azure DevOps OAuth app owners are also encouraged to explore migrating to Entra OAuth for their applications, where feasible.
