Hi, Is there a way to change the OAuth2 client secret without changing the client ID?
>From what I can see, the only option is to generate a new client ID and secret together, meaning any refresh tokens obtained against the old client ID are effectively useless. If that is the case, what's the point of having a separate ID and secret? Surely they should just be a single property of the application. This appears to be a design flaw with separating authentication from authorization. I can't periodically change the client secret as a security best practice (like changing your password on a regular basis) without having to get all my clients to re-authorize me. -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog and Google+: https://googleadsdeveloper.blogspot.com/ https://plus.google.com/+GoogleAdsDevelopers/posts =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to adwords-api+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
