Last updated 10/28/2021
A client secret is a secret key that your application passes to an authorization server to prove that your application is who it says it is. If another application tries to impersonate your application, it will be rejected because it does not have the correct secret.
Please ensure that all of your secrets are protected and not shared with anyone. However, if your client secret is ever compromised, it is quick and easy to generate and apply a new one.
When setting up a custom Identity Provider, you’ll see that each one will issue you a Client ID and a Client Secret. This Secret should be entered into Bread & Butter, as per the Identity Provider setup documentation. Please note that the Bread & Butter application stores this Secret securely, so that it can’t be accessed by anyone but you.
The Identity Provider Secret allows Bread & Butter to broker the SSO connection between your website and the Identity Provider.
You’ll also see that you can generate a new Secret at any time, if needed. When generating a new Secret, please ensure that you enter the new Secret into your Bread & Butter custom Provider.
When you create your App in Bread & Butter, you’ll see your App Secret under App Settings in the left menu. This is the Secret that your application will use when it connects to Bread & Butter for SSO validation.
As with Identity Providers, you can generate a new Secret and delete old ones at any time. You can also have more than one Secret at once, and each will be valid and usable. If a Secret becomes compromised, please generate a new one and update your application accordingly. Once your application is using the new Secret, you can delete the old one.
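The rotation sequence described above, modelled as an added example (this is not Bread & Butter's code or API). `SecretStore`, its methods and `rotation_walkthrough` are hypothetical names, and keeping only a SHA-256 digest of each secret and comparing in constant time are assumptions of this example, not documented behaviour of the service.

```python
import hashlib
import hmac
import secrets


class SecretStore:
    """Hypothetical server-side store that allows several active secrets per app."""
    def __init__(self):
        self._digests = {}  # secret id -> SHA-256 digest; plaintext is never kept

    def generate(self):
        """Create a new secret and return (id, plaintext); plaintext is shown once."""
        secret_id = secrets.token_hex(8)
        plaintext = secrets.token_urlsafe(32)
        self._digests[secret_id] = hashlib.sha256(plaintext.encode()).digest()
        return secret_id, plaintext

    def delete(self, secret_id):
        self._digests.pop(secret_id, None)

    def verify(self, presented):
        """True if the presented secret matches any active secret."""
        candidate = hashlib.sha256(presented.encode()).digest()
        ok = False
        for digest in self._digests.values():
            # Constant-time compare, and no early exit, to avoid timing hints.
            ok |= hmac.compare_digest(candidate, digest)
        return ok


def rotation_walkthrough():
    """Generate new, update the application, then delete old; record each check."""
    store = SecretStore()
    old_id, old_secret = store.generate()
    app_config = {"secret": old_secret}  # constructed stand-in for the app's config
    checks = {"before": store.verify(app_config["secret"])}

    new_id, new_secret = store.generate()              # 1. generate a new secret
    checks["overlap_old"] = store.verify(old_secret)   # both are valid for now,
    checks["overlap_new"] = store.verify(new_secret)   # so the app keeps working

    app_config["secret"] = new_secret                  # 2. update the application
    store.delete(old_id)                               # 3. delete the old secret
    checks["after_app"] = store.verify(app_config["secret"])
    checks["after_old"] = store.verify(old_secret)     # a leaked old secret now fails
    return checks


if __name__ == "__main__":
    print(rotation_walkthrough())
```

Deleting the old secret before the application has switched would fail every request still carrying it, which is why the overlap window comes first.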