Trying to rotate the OAuth client secret without dropping active sessions. Docs say to create the new secret first. I POSTed to /api/v2/oauth/client/create and got the new clientSecret. Switched our config. Immediately hit /api/v2/oauth/token with the new secret and got a 500 Internal Server Error. Old secret still works fine. Is there a cache delay or a specific order I’m missing?
{ "grant_type": "client_credentials", "client_id": "my-id", "client_secret": "new-secret" }