As it has been discussed on these threads:
it seems that it is not possible for me to rotate the client secret of a public app by myself, but it’s possible for the HubSpot team to help with this.
First of all, I’m not sure of the specifics of what rotating the client secret will entail, since it’s not publicly documented. There is this post here: https://community.hubspot.com/t5/APIs-Integrations/Help-on-Oauth2-Client-Secret-Rotation/m-p/1133884/highlight/true#M81484 but since the author is not from the HubSpot team, I want to make sure of what will happen before going through with the rotation. I’ve got the following questions:
1. Will the previous client secret be invalidated immediately when a new client secret is created?
2. Is it possible for the old and new client secrets to be valid at the same time?
3. Given that the public app is in production, we already have many customers that have authenticated and we got their credentials. Will these credentials be invalidated after the rotation? Would we need to request the users to reauthenticate to the application?
4. Will rotating the client secret generate any disruption to the webhooks the application receives from HubSpot?
Please let me know if you can help me with this.
Thanks in advance.