Genesys Cloud - Developer Announcements!

 View Only

Sign Up

  • 1.  [CANCELLED] Update: OAuth Client Secret Length Change (Effective 27 April 2026)

    Posted 20 days ago
    Edited by Ananya Singh 7 days ago

    Revised announcement -https://community.genesys.com/discussion/we-have-enhanced-oauth-security-by-updating-the-length-of-oauth-client-secrets

    Summary

    We’re enhancing security by updating the length of OAuth client secrets.**

    What’s changing?

    We are making changes to the number of characters used for OAuth client secrets.  Client secrets are currently a fixed length of 16 characters. Following this change, client secrets will have a length in the range of 20 to 22 characters. 

    Why this matters?

    This change is being implemented for increased security and to assist with identification of client secrets stored insecurely on public repositories.

    Effective Date

    Monday, April 27, 2026

    Customer Impact

    What you need to do?

    If you use any automation processes which assume a fixed character length for OAuth client secrets, you will need to update these processes to allow for a longer variable length client secret. Following this change, client secrets will have a length in the range of 20 to 22 characters.

    Note: This change only applies to newly created clients or when the client secret is updated. Existing client secrets are unaffected. You do not need to update your current client secrets. However, doing so will ensure that any client secrets that are stored insecurely on public repositories can be more easily flagged for remediation.

    Impacted Resources

    GET /api/v2/oauth/clients

    PUT or GET /api/v2/oauth/clients/{clientId}

    POST /api/v2/oauth/clients/{clientId}/secret

    Issue References

    IAM-4113

    Contacts

    @David Murray  

    Please reply to this announcement with any questions. This helps the wider developer community benefit from the discussion. We encourage you to use this thread before contacting the designated person directly. Thank you for your understanding.



  • 2.  RE: [CANCELLED] Update: OAuth Client Secret Length Change (Effective 27 April 2026)

    Posted 17 days ago

    Hi,

    This change does not affect existing secrets (it's only applicable for newly generated secrets), correct?



    ------------------------------
    Stijn Brebels
    Ideal Systems NV
    ------------------------------

    Original Message


  • 3.  RE: [CANCELLED] Update: OAuth Client Secret Length Change (Effective 27 April 2026)

    Posted 16 days ago

    That's correct.  Existing secrets are unaffected.  The article has now been updated with a note accordingly.



    ------------------------------
    David Murray
    Principal Product Manager
    Genesys Cloud
    ------------------------------

    Original Message


  • 4.  RE: [CANCELLED] Update: OAuth Client Secret Length Change (Effective 27 April 2026)

    Posted 13 days ago

    Hi,

    I understand that existing secrets will not be affected,
    but is my understanding correct that even if an existing secret is 23 characters or longer, it will not be affected?



    ------------------------------
    Rui Igarashi
    ------------------------------

    Original Message


Related Content