
Handle client secret rotation for certified connectors


What will be the best practice to implement client secret rotation for a certified custom connector that uses OAuth?

Will the connector need to be updated (recertified) each time a client secret is rotated (for security reasons)? How will this affect existing flows?


Best practice would be to rotate the secret on a set timeline that aligns with your security requirement. If you decide on a 1-year rotation time, make sure a new client ID and secret are created at least a month BEFORE the expiration. Submit a connector certification request with the same set of connector files even if there is no update. Once the new secrets are submitted, they will be securely stored and securely deployed during the deployment. If the existing secrets aren't expired, the new ones are valid, and there is no other change in the connector, existing flows will not be impacted.

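A rotation check that follows the timeline in the answer above, as an added example that is not part of the original thread or of Microsoft's tooling. The record schema, the reading of "a month" as 30 days, the `deployed_id` parameter and the action names are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# "At least a month before the expiration"; 30 days is an assumption.
LEAD_TIME = timedelta(days=30)

def rotation_action(credentials, deployed_id, now, lead_time=LEAD_TIME):
    """Return the next rotation step for one certified connector.

    credentials: list of {"id", "start", "end"} records, one per client
                 id/secret pair, ISO 8601 timestamps (hypothetical schema).
    deployed_id: id of the pair submitted with the last certification request.
    """
    by_id = {c["id"]: c for c in credentials}
    if deployed_id not in by_id:
        return "UNKNOWN_DEPLOYED_CREDENTIAL"
    end = datetime.fromisoformat(by_id[deployed_id]["end"])
    if end <= now:
        return "EXPIRED"  # existing flows can no longer authenticate
    if end - now > lead_time:
        return "OK"
    # Inside the lead window: a successor must already be valid and must
    # outlive the deployed credential so the two overlap during deployment.
    successors = [
        c for c in credentials
        if c["id"] != deployed_id
        and datetime.fromisoformat(c["start"]) <= now
        and datetime.fromisoformat(c["end"]) > end
    ]
    return "SUBMIT_CERTIFICATION_REQUEST" if successors else "CREATE_NEW_CREDENTIAL"

# Constructed sample inventory, not real credentials.
OLD = {"id": "cred-2022", "start": "2022-01-15T00:00:00+00:00",
       "end": "2023-01-15T00:00:00+00:00"}
NEW = {"id": "cred-2023", "start": "2022-12-10T00:00:00+00:00",
       "end": "2023-12-10T00:00:00+00:00"}

if __name__ == "__main__":
    today = datetime(2022, 12, 20, tzinfo=timezone.utc)
    print(rotation_action([OLD], "cred-2022", today))
    print(rotation_action([OLD, NEW], "cred-2022", today))
```

Run it on a schedule against the credential inventory so that the certification request goes in while the old and new credentials are both still valid.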
