Rotating OAuth Application Secret


Tim Alby

Jul 20, 2022, 1:20:32 PM
to zotero-dev
Hello,

We've been using the same OAuth app secret for years, and we'd like to rotate it for security reasons. How can we do this?
I can list and edit our OAuth apps on https://www.zotero.org/oauth/apps, but not change the secret. We would also like to avoid service disruption, so ideally we'd be able to generate a new secret before decommissioning the old one.

Thanks,

Tim

PS: Am I correct that the secret keys listed on https://www.zotero.org/settings/keys have nothing to do with our OAuth apps? Can I remove them safely?

Tim Alby

Aug 9, 2022, 4:53:13 AM
to zotero-dev
Hello,

Any way we can rotate our secret?

fcheslack

Aug 9, 2022, 5:58:58 PM
to zoter...@googlegroups.com
You can start using a new private key by registering a new app. You can leave the old app in place until you've successfully switched over, and for however long you might need to keep it in place before you delete it.

The keys listed on zotero.org/settings/keys are the API keys for the logged-in user's account. You can safely remove them. It won't do anything to your OAuth app.

-Faolan


Tim Alby

Aug 16, 2022, 7:02:16 AM
to zotero-dev
Thanks, that worked well indeed.