Rotate Secret For Broker OAuth2 Client

This endpoint is responsible for rotating an OAuth 2.0 client secret. The rotation is started using the start-rotate-secret action and it ends by explicitly calling the API with the retire-primary-secret action, or implicitly when the auto rotation duration expires. During the rotation, both the primary and secondary secrets can be used for the client credentials. When the rotation ends, the secondary secret will become the primary secret. When using the retire-primary-secret action, the BrokerOAuth2ClientStartSecretRotationMedia payload should be empty.

Request
URI
POST
https://{api_host}//acs/t/{tenant}/broker/oauth2-clients/{id}
Path Parameters
string
id
Required

The OAuth 2.0 client identifier

id example
my-auth-grant-client1
string
tenant
Required

The VMware Identity Services tenant ID

tenant example
my-tenant
Query Parameters
string
action
Required

The action for the OAuth 2.0 client secret rotation. 'start-rotate-secret' will start secret rotation for the OAuth 2.0 client. 'retire-primary-secret' will explicitly finish an ongoing secret rotation by retiring the existing primary secret and replacing it with the secondary secret.

action example
start-rotate-secret
Possible values are: start-rotate-secret, retire-primary-secret

Request Body
BrokerOAuth2ClientStartSecretRotationMedia of type(s) application/vnd.vmware.horizon.manager.accesscontrol.broker.oauth2client.secret.rotation+json
Optional
{
    "_links": {
        "self": {
            "href": "https://example.com/path-to-self"
        }
    },
    "primary_secret_auto_retire_duration": 2880,
    "secondary_secret": "MySecret@#$"
}
object
_links
Optional

The resource HATEOAS links. Usually includes a "self" link for this resource

integer As int32
primary_secret_auto_retire_duration
Optional

Indicates how long, in minutes, until the primary secret retires automatically. The default value, if not specified, is 1 day. The maximum value is 7 days. The field is optional when starting a secret rotation and it is ignored when ending a rotation.

string
secondary_secret
Optional

An alternative secret to the client primary secret that will replace the existing primary secret when the secret rotation ends. The field is mandatory when starting a secret rotation and it is ignored when ending a rotation.

Authentication
This operation uses the following authentication methods.
Responses
204

OAuth 2.0 client secret rotation action was successful.

Operation doesn't return any data structure

400

Invalid start secret rotation input or secret rotation already started when action is start-rotate-secret. Secret rotation not started when action is retire-primary-secret.

Operation doesn't return any data structure

401

Unauthorized to perform secret rotation for the OAuth 2.0 client.

Operation doesn't return any data structure

403

Forbidden to perform secret rotation for the OAuth 2.0 client.

Operation doesn't return any data structure

404

OAuth 2.0 client is not found.

Operation doesn't return any data structure
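
The request rules above (secondary_secret mandatory on start, a duration of at most 7 days, an empty payload on retire-primary-secret) can be checked client-side before the call is sent. The following is an added example, not code from the API's vendor; `build_rotation_request` and `new_secondary_secret` are hypothetical helper names. It assumes that "empty payload" means no request body and that the duration is at least 1 minute, and it leaves authentication headers to the caller.

```python
import json
import secrets
from urllib.parse import quote, urlencode

# URI template and media type copied verbatim from the page.
URI_TEMPLATE = "https://{api_host}//acs/t/{tenant}/broker/oauth2-clients/{id}"
MEDIA_TYPE = ("application/vnd.vmware.horizon.manager.accesscontrol"
              ".broker.oauth2client.secret.rotation+json")
MAX_RETIRE_MINUTES = 7 * 24 * 60  # page: maximum value is 7 days
ACTIONS = ("start-rotate-secret", "retire-primary-secret")


def new_secondary_secret():
    """Generate a random secret locally (assumption: URL-safe characters are accepted)."""
    return secrets.token_urlsafe(32)


def build_rotation_request(api_host, tenant, client_id, action,
                           secondary_secret=None, auto_retire_minutes=None):
    """Hypothetical helper: return (url, headers, body) for one rotation call.
    Authentication headers are left to the caller; the page does not list them.
    """
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    url = URI_TEMPLATE.format(api_host=api_host, tenant=quote(tenant, safe=""),
                              id=quote(client_id, safe=""))
    url += "?" + urlencode({"action": action})
    if action == "retire-primary-secret":
        # Page: the payload should be empty when ending a rotation.
        # Assumption: "empty" is sent here as no request body at all.
        if secondary_secret is not None or auto_retire_minutes is not None:
            raise ValueError("retire-primary-secret takes an empty payload")
        return url, {}, b""
    if not secondary_secret:
        raise ValueError("secondary_secret is mandatory when starting a rotation")
    payload = {"secondary_secret": secondary_secret}
    if auto_retire_minutes is not None:
        # Lower bound of 1 minute is an assumption; the page gives only the maximum.
        if (type(auto_retire_minutes) is not int
                or not 1 <= auto_retire_minutes <= MAX_RETIRE_MINUTES):
            raise ValueError("duration must be 1..10080 minutes (7 days)")
        payload["primary_secret_auto_retire_duration"] = auto_retire_minutes
    return url, {"Content-Type": MEDIA_TYPE}, json.dumps(payload).encode()


if __name__ == "__main__":
    # Constructed sample values; the length is printed so the secret is not echoed.
    url, headers, body = build_rotation_request(
        "example.com", "my-tenant", "my-auth-grant-client1",
        "start-rotate-secret", new_secondary_secret(), 2880)
    print(url, headers, len(body))
```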