Genesys Cloud
OAuth Client Secret no longer visible in the Admin UI after creation or reset

In a future release, Genesys Cloud will remove the ability to view OAuth client secrets in the Admin UI after the initial creation or reset of a client. This change aligns with modern security practices by ensuring that sensitive credentials are only exposed once, at the moment they are generated. Today, administrators can view OAuth client secrets at any time via the UI. This persistent visibility increases the risk of unintended exposure and implies the secrets are stored in plaintext. After this update, the client secret appears only once, immediately after creation or reset. At that point, administrators are prompted to copy and store the secret securely, as it will no longer be retrievable from the UI. To help with the transition, the secret remains temporarily accessible via the API, but this capability will be removed in a later phase. If the client secret is lost, the administrator must initiate a reset to generate a new one. The UI will include guidance to reinforce this new responsibility.

These changes support the broader security goal of minimizing the exposure of credentials and reducing the likelihood of compromise. By no longer making client secrets permanently visible in the Admin UI, Genesys Cloud is enhancing both platform security and customer accountability for OAuth client credentials.

Genesys Cloud recommends that administrators prepare by updating internal processes to store secrets securely at the time of creation, and by reviewing any automations or scripts that assume secrets can be retrieved later via the UI.