Dear OneLogin Administrator,
To improve our handling of Client Secrets, we are changing the behavior of our App API GET and App API PUT calls. Currently, when you make a GET or a PUT call for an app that is enabled for OIDC the “client_secret” and “oidc_encryption_key” are returned as part of the response. These fields will no longer be returned in the GET and PUT responses after our next release. They will, however, continue to be part of the response to the initial POST request.
This change will roll out in our next release which is currently shceduled for mid August.
According to our logs your organization is making calls to the Apps API and returning OIDC apps. If this is information that you still need, we do have the option to enable your tenant to continue to return these fields when the GET or PUT call is made. You can reach out to our Support team to ensure that you still have this option enabled.
If you have questions or need assistance with the update, please reach out to our support team.
Regards,
The One Identity Team
