As the title suggests, we'd like to know how and why this is happening. Steps to reproduce:
- Use an app that has a resource that uses Auth0 Client Credentials
- Change the Auth0 Client Credentials and save
- Old credentials are still used for up to a day
Expected:
Old credentials are no longer used.
We've come across this issue a few months ago whilst setting up Auth0 Client Credentials and submitted a support email but it magically started working the next day. We've also come across it more recently due to an Auth0 Tenant migration which is quite annoying as it means the migration takes at least a day.
It appears others are also having this issue as well: Auth0 Token Auth Returning "undefined" Token
To us it seems like there's some definite caching going on with the client credentials, secret and audience. Other changes to the resource settings are immediate such as the API URL. We inspected via logging and confirmed Retool is sending old credentials.
We'd like to know:
- Why are these fields being cached? Seems like a bit of an issue especially if you are in our situation whereby a whole environment is unusable because it's using old credentials.
- How long is the cache TTL?
- If the cache is necessary, can you at least clear it once changes are made to the settings?
Thanks in advance!