```kotlin
val config = PureCloudConfigurationBuilder()
    .clientId(clientId)
    .clientSecret(newSecret)
    .build()
val client = PureCloudPlatformApiV2(config)
```

We're trying to rotate the OAuth client secret for our Android app's background service that pushes messages via the Web Messaging SDK. The docs suggest using the two-secret rotation window, but I'm hitting a wall when the old secret expires while the WebSocket connection is still alive. The SDK throws an `UnauthorizedException` on the next heartbeat, and reconnecting with the `newSecret` immediately fails because the token cache is still validating against the old signature.

I need to know the exact sequence. Do I revoke the old token explicitly via `/api/v2/oauth/tokens` before switching the config object? Or does the SDK handle the refresh automatically if I just update the `clientSecret` in the builder? The current flow crashes the service when the 5-minute rotation window closes. Looking for a code snippet showing how to swap the secret in the `PureCloudConfigurationBuilder` without forcing a full app restart or losing the active session state.

You might be overthinking the SDK’s internal token cache here. The PureCloudPlatformApiV2 client doesn’t actually hold a persistent WebSocket connection for the messaging API itself; it just handles the auth handshake. The real issue is likely that your background service is initializing a new PlatformClient instance for every message push, forcing a re-auth with the stale secret.
Try swapping the secret in the config builder before the client initializes, but keep the existing OAuthClient instance alive if you’re using it directly for the WebSocket. The SDK’s OAuthClient supports token refresh without dropping the underlying socket, provided you don’t tear down the whole client object.
```kotlin
// Don't rebuild the whole client if you can help it
val oauthClient = client.oauthClient
oauthClient.configuration.clientSecret = newSecret
oauthClient.refreshToken() // This should just swap the token, keep the socket warm
```
Make sure you’re not calling disconnect() on the WebSocket layer while the refresh is happening. That’s usually what kills the session, not the secret rotation itself.
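
A sketch of the ordering discussed in this thread, added here as an example and not taken from either post or from the SDK: prove the new secret by fetching a token with it while the old one is still valid, and only then swap, so a rejected secret never takes down the running session. `Token`, `TokenFetcher` and `RotatingCredentials` are hypothetical names, and the fetcher in `main` is a constructed stand-in for the real token request.

```kotlin
import java.time.Instant
import java.util.concurrent.atomic.AtomicReference

// Hypothetical types for illustration; none of these names come from the SDK.
data class Token(val value: String, val expiresAt: Instant)
fun interface TokenFetcher { fun fetch(clientId: String, clientSecret: String): Token }

class RotatingCredentials(
    private val clientId: String,
    initialSecret: String,
    private val fetcher: TokenFetcher,
) {
    private data class State(val secret: String, val token: Token)
    private val state = AtomicReference(State(initialSecret, fetcher.fetch(clientId, initialSecret)))

    // Token for the next request; renewed with the current secret shortly before expiry.
    fun currentToken(now: Instant = Instant.now()): Token {
        val s = state.get()
        if (now.isBefore(s.token.expiresAt.minusSeconds(60))) return s.token
        val renewed = State(s.secret, fetcher.fetch(clientId, s.secret))
        // If a rotation won the race, keep its state instead of overwriting it.
        return if (state.compareAndSet(s, renewed)) renewed.token else state.get().token
    }

    // Call inside the rotation window, while the old secret still works.
    // The swap happens only after the new secret has produced a token.
    fun rotate(newSecret: String): Boolean = try {
        state.set(State(newSecret, fetcher.fetch(clientId, newSecret)))
        true
    } catch (e: Exception) {
        false // old secret and token stay active; alert and retry before the window closes
    }
}

fun main() {
    // Constructed stand-in for the token endpoint: both secrets are valid during the window.
    val accepted = setOf("old-secret", "new-secret")
    val fetcher = TokenFetcher { _, secret ->
        require(secret in accepted) { "invalid_client" }
        Token("tok-for-$secret", Instant.now().plusSeconds(3600))
    }
    val creds = RotatingCredentials("example-client-id", "old-secret", fetcher)
    println(creds.rotate("typo-secret"))
    println(creds.currentToken().value)
    println(creds.rotate("new-secret"))
    println(creds.currentToken().value)
}
```

Long-lived consumers such as a socket heartbeat should call `currentToken()` on each use instead of caching the token value, so the swap takes effect without tearing the connection down.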