Resets the client secret for an OpenID Connect (OIDC) confidential client or a configuration client. This endpoint provides a way to periodically rotate client secrets or to change a client secret you believe might have been compromised. The /secret endpoint is also your only recourse if you have forgotten the secret associated with an OIDC client: there is currently no way to retrieve a secret after the client has been created. Instead, the secret is displayed once (as part of the API response generated when the client is created) and cannot be retrieved after that.

Note that, when you change a client secret, the change takes effect immediately: there is no grace period in which both the old secret and the new secret are valid.


This endpoint requires Basic authentication. When configuring authentication, you must use the client ID of a confidential OpenID Connect (OIDC) client as your username and the client secret of that same OIDC client as your password.


This endpoint includes the following methods:

  • POST



Resets the client secret for an OpenID Connect (OIDC) confidential client or configuration client. 

Path Parameters

Path parameters that must be included in the request are listed in the following table:

Parameter Type Required Description




Unique identifier of the customer associated with the OIDC client. 




Unique identifier of the OIDC client whose secret is being reset.

Sample Request (Curl)

The following command resets the client secret for the confidential client af4f70a3-0364-4505-94c4-8d26df86e161:

curl -X POST \
  https://v1.api.us.janrain.com/01000000-0000-3000-9000-000000000000/config/clients/af4f70a3-0364-4505-94c4-8d26df86e161/secret \
  -H 'Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg='


201 Created

If your call to this endpoint succeeds, you'll get back the new client secret:

    "secret": "7iv-pLUhFXOta3nN3aqIkOtEh0H_WRel9fMUdE3JWgp9HVw4idRz9q5N3ZTCzFXmBvEEk79G6232U0utf5SKdA"

Be sure to copy this secret and store it in a secure location: there is no way to retrieve a client secret after it’s been created. You can use an API call to return all the other properties of a confidential client; however, the client secret is not included in that property set.
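The following Python is an added example, not part of the original documentation: it issues the reset, takes the secret from the 201 response, and writes it atomically to an owner-only file without printing it, since the old secret stops working immediately and the new one is shown only once. It assumes the response body is a JSON object with a "secret" key; the function names and the send parameter are illustrative.

```python
import base64
import json
import os
import tempfile
import urllib.request

API_BASE = "https://v1.api.us.janrain.com"  # host taken from the sample request


def build_request(customer_id, client_id, auth_id, auth_secret):
    """Build the POST to /{customer}/config/clients/{client}/secret with Basic auth."""
    url = f"{API_BASE}/{customer_id}/config/clients/{client_id}/secret"
    token = base64.b64encode(f"{auth_id}:{auth_secret}".encode()).decode()
    return urllib.request.Request(
        url, method="POST", headers={"Authorization": f"Basic {token}"})


def extract_secret(status, body):
    """Return the secret from a 201 response; never echo the body in errors."""
    if status != 201:
        raise RuntimeError(f"secret reset failed: HTTP {status}")
    secret = json.loads(body).get("secret")  # assumed shape: {"secret": "..."}
    if not isinstance(secret, str) or not secret:
        raise RuntimeError("201 response carried no secret")
    return secret


def store_secret(path, secret):
    """Write the secret to a 0600 temp file, then rename it over `path`."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(secret)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic: readers see the old or the new secret
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def rotate(customer_id, client_id, auth_id, auth_secret, path,
           send=urllib.request.urlopen):
    """Reset the secret and persist it before returning; nothing is printed."""
    req = build_request(customer_id, client_id, auth_id, auth_secret)
    with send(req) as resp:
        secret = extract_secret(resp.status, resp.read())
    store_secret(path, secret)
    return path
```

With the default send, urlopen raises urllib.error.HTTPError for the error responses listed under Response Codes, so no file is written in those cases.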

Response Codes

The following table includes information about some of the response codes that you might encounter when calling this endpoint.

Response Code Description


Bad request: Not a confidential client. You tried to reset the secret for a public OIDC client: public clients do not have client secrets. 


Authentication required or Invalid credentials. You either did not specify an authentication method for the call (this endpoint requires Basic authentication) or the supplied client ID/client secret was incorrect.


Forbidden. You do not have permission to access the requested resource.