We need to rotate the client secret for our main integration without dropping active calls. The docs suggest creating a new secret before invalidating the old one, but I’m seeing 401 Unauthorized errors immediately after the POST to /api/v2/oauth/clients/{id}/secrets succeeds.
Is there a propagation delay? Or do I need to wait for the old secret to expire? Here is the payload I’m sending:
{ "clientSecret": "new-secret-string" }
The token endpoint still rejects it. What’s the exact sequence?