When a client secret is expired and therefore SSO cannot be used anymore, it would probably be good if it became disabled.
One comment
I have declined this idea, because it is possible to be notified (almost) instantly, when an exception occurs on your website. See https://www.wpo365.com/article/get-instantly-notified-about-failures/ for details. So with proper alerting / monitoring all set up, it should be possible to detect issues such as an expired secret very quickly.
One comment
I have declined this idea, because it is possible to be notified (almost) instantly, when an exception occurs on your website. See https://www.wpo365.com/article/get-instantly-notified-about-failures/ for details. So with proper alerting / monitoring all set up, it should be possible to detect issues such as an expired secret very quickly.