feat: Docs for client secret rotation#2424
Conversation
068aa3d to
5e927b3
Compare
|
Javascript integration test failure seems like a CI issue and unrelated to these changes |
|
@wassimoo @unatasha8 would you kindly take a look at this pls? |
19afb45 to
29299a0
Compare
vinckr
left a comment
There was a problem hiding this comment.
lgtm :) fixed some layout issues
unatasha8
left a comment
There was a problem hiding this comment.
In general, keep to singular for 'secret' if the process is one at a time. Pick one to use client(s), client service(s), service(s), application(s) etc. I tried to change all to client services.
Apply the terminology suggestions from the review: singular "secret", and
"client service" used consistently.
Also fix the rotation endpoint path. All four curl examples used
/admin/clients/{id}/secret/rotate, but the implemented route is
/admin/clients/{id}/secrets/rotate, so every example returned 404.
Answer the two open review questions in the text: say where to store the new
secret, and confirm that secrets do not expire on their own.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Pushed 056df20 to address @unatasha8's review. Summary of what changed, including three places where I did not apply a suggestion literally — flagging those so you can push back. Applied
Bug found while editingAll four Answers to the open questions
Deviations from the literal suggestions
Happy to take any of these the other way — say the word. |
…lementation - Pluralize 'secrets' and use 'can be used to authenticate' wording per review - Rename subheading to 'Rotate OAuth2 client secret' - Document auth method restriction (client_secret_basic/client_secret_post), the five-secret retention limit, and that set/patch clears rotated secrets Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Related Issue or Design Document
Docs updates for client secret rotation
Checklist
If this pull request addresses a security vulnerability,
I confirm that I got approval (please contact security@ory.com) from the maintainers to push the changes.
Further comments