Can a client secret created with an app registration in Azure be used multiple times?
If a person has the client ID and the Client Secret, can that be compromised that way?
Can a client secret created with an app registration in Azure be used multiple times?
If a person has the client ID and the Client Secret, can that be compromised that way?
Yes, it can, on both questions. Think of the client secret as just a very long password... that gives you access to potentially everything within the tenant. Do not share it, do not store it in plain text, or better yet switch to using certificates instead.
19 people are following this question.