> ## Documentation Index
> Fetch the complete documentation index at: https://docs.abbyy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# OAuth 2.0 for IMAP

> Set up OAuth 2.0 for IMAP email import in ABBYY Vantage Private Cloud by registering applications with Google Cloud and Azure and storing credentials in Consul.

By default, users setting up document import from an email service using an Input activity in a Process skill only have access to basic IMAP server authentication. To enable Google and Microsoft email services authentication via the OAuth 2.0 protocol, you need to:

1. Register applications on the Google Cloud Platform and/or the Azure portal.
2. Generate account credentials for these applications (Client ID and Client secret).
3. Pass the generated credentials to Consul.

These steps can be done both before and after installing Vantage.

## Registering the Application in Google

Creating an application requires a Google account.

### Creating a Project on the Google Cloud Platform

1. Navigate to the Google Cloud Platform New Project page.
2. Specify a name for your project and click **Create**.

<img src="https://mintcdn.com/abbyy/-pYAPopytMRFrgKm/images/vantage/private-cloud/misc-p01-009.png?fit=max&auto=format&n=-pYAPopytMRFrgKm&q=85&s=0027f04d3542e62ed370d265d0cf753a" alt="Google Cloud Platform New Project page showing project name field" style={{ width:"55%" }} width="696" height="512" data-path="images/vantage/private-cloud/misc-p01-009.png" />

3. Wait for a notification saying that your project has been created.

<img src="https://mintcdn.com/abbyy/-pYAPopytMRFrgKm/images/vantage/private-cloud/misc-p01-010.png?fit=max&auto=format&n=-pYAPopytMRFrgKm&q=85&s=0f50342afaf8fdddded09a04c13ac5ee" alt="Google Cloud Platform notification showing project creation confirmation" style={{ width:"46%" }} width="505" height="215" data-path="images/vantage/private-cloud/misc-p01-010.png" />

### Setting Up the Application

1. Navigate to the Google Cloud Console and select the appropriate project.

<img src="https://mintcdn.com/abbyy/-pYAPopytMRFrgKm/images/vantage/private-cloud/misc-p01-011.png?fit=max&auto=format&n=-pYAPopytMRFrgKm&q=85&s=7ed90201d64c9ac04c1e2ce98f49bc2f" alt="Google Cloud Console project selector dropdown" style={{ width:"51%" }} width="640" height="127" data-path="images/vantage/private-cloud/misc-p01-011.png" />

2. In the menu on the left side of the screen, select **APIs & Services > OAuth consent screen**.

<img src="https://mintcdn.com/abbyy/-pYAPopytMRFrgKm/images/vantage/private-cloud/misc-p01-012.png?fit=max&auto=format&n=-pYAPopytMRFrgKm&q=85&s=df2f37fb3a250e1e12a5d2214fd284e8" alt="Google Cloud Console menu showing APIs & Services with OAuth consent screen option" style={{ width:"53%" }} width="759" height="594" data-path="images/vantage/private-cloud/misc-p01-012.png" />

3. Select the **External** user type and click **Create**.
4. Specify a name for your application. In the **User support email** drop-down list field, select your Gmail address.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-013.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=0f7818966cc588aecdfa1a902934e92c" alt="OAuth consent screen App information form with app name and user support email fields" style={{ width:"61%" }} width="762" height="640" data-path="images/vantage/private-cloud/misc-p01-013.png" />

5. Specify the developer's email in the **Developer contact information** section at the bottom of the page and click **Save and continue**.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-014.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=d98b33b53c689a0198a3625e6e77f255" alt="Developer contact information section with email field" style={{ width:"62%" }} width="676" height="228" data-path="images/vantage/private-cloud/misc-p01-014.png" />

6. Click **Add or remove scopes**. This will open the **Update selected scopes** dialog on the right.
7. Copy and paste the following text into the **Manually add scopes** field in the bottom part of the dialog and click **Add to table**:

```
openid https://www.googleapis.com/auth2/userinfo.email https://www.googleapis.com/auth2/userinfo.profile https://mail.google.com/
```

<Note>
  You can also select scopes manually. The following scopes need to be selected:

  * `openid`
  * `https://mail.google.com/`
  * `../auth2/userinfo.email`
  * `../auth2/userinfo.profile`
</Note>

8. Click **Update**. This will close the **Update selected scopes** dialog and display the selected scopes.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-015.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=f590b733b6a1b690ffdbfffd1686cafe" alt="Update selected scopes dialog showing the required OAuth scopes" width="877" height="291" data-path="images/vantage/private-cloud/misc-p01-015.png" />

9. Click **Save and continue** at the bottom of the screen.
10. Click **Save and continue** to skip the **Test users** page settings and navigate to the **Summary** page.

On the Summary page, you'll see information about the application, email addresses, and permissions that have been set up.

### Creating Account Credentials

1. Select **Credentials** in the menu on the left side of the screen.
2. Click **+ Create credentials** and select **OAuth client ID**.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-016.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=5cc216a0e63c43dd5d2efca15048ed57" alt="Create credentials dropdown menu showing OAuth client ID option" style={{ width:"61%" }} width="784" height="429" data-path="images/vantage/private-cloud/misc-p01-016.png" />

3. Select the **Web application** type.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-017.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=c052066611435a9f8713b3f0c9d015bf" alt="Create OAuth client ID form with Application type dropdown showing Web application" style={{ width:"60%" }} width="691" height="526" data-path="images/vantage/private-cloud/misc-p01-017.png" />

4. In the **Authorized redirect URIs** section, select **+ Add URI**.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-018.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=8460f0b18983cb4682633a259b1b58bf" alt="Authorized redirect URIs section with Add URI button" style={{ width:"47%" }} width="463" height="405" data-path="images/vantage/private-cloud/misc-p01-018.png" />

5. In the field that will appear, specify the redirect URI:

```
https://<Vantage host name>/connectors-tokens-callback.html
```

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-019.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=f5792a55e8b3cdb66cf77388d8b579cb" alt="Redirect URI field with Vantage callback URL and CREATE button" style={{ width:"60%" }} width="629" height="374" data-path="images/vantage/private-cloud/misc-p01-019.png" />

6. Click **Create**.

The pop-up dialog box that will appear will contain the **Client ID** and **Client secret** values.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-020.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=06067860b25a26a4d9b077068136833c" alt="OAuth client created dialog showing Client ID and Client secret values" style={{ width:"66%" }} width="637" height="572" data-path="images/vantage/private-cloud/misc-p01-020.png" />

This data is required for setting up the tokenmanagement service in Vantage. You can save it immediately or copy it later by navigating to **APIs & Services > Credentials** and selecting the OAuth 2.0 client identifier you created.

### Publishing and Verification

The publishing status of the application is displayed in the **APIs & Services > OAuth consent screen** section.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-021.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=369044a6b382d5e112cbd88323cb5f49" alt="OAuth consent screen showing Publishing status as Testing with Publish App button" style={{ width:"27%" }} width="343" height="368" data-path="images/vantage/private-cloud/misc-p01-021.png" />

Applications with the **Testing** status are only available to users that have been added to the testers list. Only publishing an application makes it available to any user with a Google account.

Click **Publish app**. The `https://mail.google.com/` scope allows the application to access confidential user data, which is why a message saying that the application needs to be verified will be displayed.

To verify the application, you will need to provide:

* An official link to the application's Privacy policy
* A YouTube video demonstrating the stated purpose of obtaining Google user data using the application
* A text addressed to Google that contains a description of why you require access to confidential user data
* A full list of all your domains verified in the Google Search Console

Click **Confirm**. The status of your application will change to **In Production**.

The **Prepare for verification** button will also appear, letting you provide all required verification data.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-022.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=1ee43945af0ccbf8675acee2cbcc960f" alt="OAuth consent screen showing In Production status with verification warning and Prepare for Verification button" style={{ width:"55%" }} width="656" height="628" data-path="images/vantage/private-cloud/misc-p01-022.png" />

<Note>
  Before your application is verified, only 100 users will be able to use it. The user counter is located in the bottom part of the OAuth consent screen section and cannot be reset during the project's lifetime.
</Note>

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-023.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=4d03d61b8841dd4b85d0754d96e294fa" alt="OAuth user cap showing 0 users out of 100 user cap" style={{ width:"61%" }} width="660" height="347" data-path="images/vantage/private-cloud/misc-p01-023.png" />

## Registering the Application in Microsoft Azure

To create an application, an Azure Active Directory tenant with application registration and editing permissions is required.

You can switch to the correct directory on the **Portal settings | Directories + subscriptions** page.

### Registering the Application

1. Navigate to the **App registrations** page.
2. Click **New registration**.
3. Specify a name for your application and select the supported account types.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-024.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=e3b5aa1d33df9b9c23707de1d0d4f9af" alt="Azure Register an application form showing Name field and Supported account types options" width="1043" height="513" data-path="images/vantage/private-cloud/misc-p01-024.png" />

<Note>
  If the **Multitenant** type is selected for the application, it will be available for users in any Azure AD tenant. Such applications need to be verified, which is only available for Microsoft Partner Network participants. If you are not a participant, select **Single tenant**, which will only make your app available to users in your own Azure AD tenant.
</Note>

4. In the **Redirect URI** section, select the **Web** platform and specify the redirect URI:

```
https://<Vantage host name>/connectors-tokens-callback.html
```

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-025.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=302d436a6c5f15ebcf0127c3b5d462fb" alt="Azure Redirect URI section with Web platform selected" style={{ width:"77%" }} width="1099" height="337" data-path="images/vantage/private-cloud/misc-p01-025.png" />

5. Click **Register**.

### Setting Up Application Permissions

1. Navigate to the **API permissions** tab.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-026.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=cc70fc7b5b05efe72fa984ba73149252" alt="Azure portal sidebar showing API permissions menu option highlighted" style={{ width:"73%" }} width="1005" height="408" data-path="images/vantage/private-cloud/misc-p01-026.png" />

2. Click **Add permission**.
3. In the dialog that will open, select the **Microsoft Graph** section.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-027.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=18d4f5bde424ee1f70a36117c326662a" alt="Request API permissions dialog showing Microsoft Graph option highlighted" style={{ width:"69%" }} width="977" height="796" data-path="images/vantage/private-cloud/misc-p01-027.png" />

4. Select **Delegated permissions**.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-028.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=0602ad0758304d5b6d4ecee43d033ed9" alt="Microsoft Graph permissions dialog showing Delegated permissions option selected" style={{ width:"73%" }} width="1059" height="332" data-path="images/vantage/private-cloud/misc-p01-028.png" />

5. Add the following permissions:
   * `email`
   * `IMAP.AccessAsUser.All`
   * `offline_access`
   * `openid`
   * `profile`
6. Click **Add permissions**. This will close the dialog and display the selected permissions.

### Creating Client Secrets

1. Navigate to the **Authentication** tab.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-029.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=8e88381ed0e4ebf18c73e624a83349ab" alt="Azure portal sidebar showing Authentication menu option highlighted" width="1005" height="408" data-path="images/vantage/private-cloud/misc-p01-029.png" />

2. In the **Implicit grant and hybrid flows** section, mark **ID tokens (used for implicit and hybrid flows)**.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-030.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=36964a7d672763a485e6fa35b9f53327" alt="Implicit grant and hybrid flows section with ID tokens checkbox" width="912" height="267" data-path="images/vantage/private-cloud/misc-p01-030.png" />

3. Click **Save** at the top of the screen.
4. Navigate to the **Certificates & secrets** tab and click **New client secret**.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-031.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=b2cf030ff09ad7acd5c3ce89c89f08d5" alt="Certificates & secrets tab showing New client secret button" width="982" height="256" data-path="images/vantage/private-cloud/misc-p01-031.png" />

5. In the dialog box that will open, specify a name for the client secret and an expiration date.

<Note>
  The maximum expiration date is 24 months.
</Note>

6. Click **Add**. This will close the dialog and display information about your new client secret.

<Warning>
  It is important that you copy and save the **Value**, since you will not be able to access it again once you close the page. This value is required when configuring the tokenmanagement service in Vantage.
</Warning>

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-032.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=5811aef3d53863e299017e5ffa593995" alt="Client secrets list showing the secret Value column highlighted" width="1279" height="269" data-path="images/vantage/private-cloud/misc-p01-032.png" />

You will also need a client identifier, which can be copied from the **Application (client) ID** field in the **Overview** tab. The copy icon will appear once you hover the mouse cursor over the value of the identifier.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-033.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=9bda3a55daf09c5e6e95eec1ef5b0d82" alt="Azure application Overview showing Application (client) ID field highlighted" width="1281" height="299" data-path="images/vantage/private-cloud/misc-p01-033.png" />

### Verifying the Application

To make the application available to users from any Azure AD tenant, verification is required. Verification is not required if accounts from a single Azure AD tenant are used.

Only Microsoft Partner Network participants can undergo verification.

1. Navigate to the **Branding & properties** tab.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-034.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=7030cc0d7fe0b8bb75aca0a268b54e5d" alt="Azure portal sidebar showing Branding & properties menu option highlighted" width="1005" height="408" data-path="images/vantage/private-cloud/misc-p01-034.png" />

2. Verify that the domain is specified in the **Publisher domain** field. If required, configure your domain by clicking **Configure a domain**.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-035.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=f6821a5b29fbb067a527a2a6c480bb35" alt="Azure Branding & properties page showing Publisher domain field with Update domain option" style={{ width:"72%" }} width="887" height="403" data-path="images/vantage/private-cloud/misc-p01-035.png" />

<Note>
  The warning icon displayed next to the domain name means that an application with the specified domain cannot be verified. Click **Update domain** to specify a different valid domain related to the Azure Active Directory tenant. Alternatively, verify a new domain.
</Note>

3. In the **Publisher verification** section, specify your MPN ID and click **Verify and save**.

<Note>
  If you do not have the required permissions to add an MPN ID, verify that all publisher verification requirements are satisfied.
</Note>

Once your verification is successful, the appropriate icon will be displayed next to the **Publisher display name** field.

## Passing Credentials to Consul

If Vantage is already installed, you need to use Consul to manually enter account credentials generated for Microsoft and/or Google email service authentication.

Features specific to the OAuth 2.0 protocol are listed in the TokenManagement service.

<Note>
  Before setting up, verify that the kubectl command line tool is installed and that you are connected to the Kubernetes cluster.
</Note>

1. Get access to the Consul web interface by running the following command:

```bash theme={null}
kubectl port-forward -n abbyy-infrastructure service/consul-ui 8500:80
```

Then navigate to `http://localhost:8500/ui/dc1/kv/secret/`.

2. In the **Key/Value** tab that will open, select the appropriate Vantage deployment scope. Then, select the **vantage** project.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-036.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=1e547957ffccc6165bec8fb174174db2" alt="Consul vantage project showing list of services with tokenmanagement highlighted" style={{ width:"65%" }} width="1037" height="571" data-path="images/vantage/private-cloud/misc-p01-036.png" />

3. Select the **tokenmanagement** service.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-037.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=487f42879b7c616e79740db23dfa1c1f" alt="Consul tokenmanagement service showing oAuthClientConfiguration section" style={{ width:"68%" }} width="1035" height="569" data-path="images/vantage/private-cloud/misc-p01-037.png" />

4. Navigate to the **oAuthClientConfiguration** section.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-038.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=6831e2ea921b91ea3b88e79e3b447bdd" alt="Consul oAuthClientConfiguration showing google and microsoft options" style={{ width:"67%" }} width="1035" height="571" data-path="images/vantage/private-cloud/misc-p01-038.png" />

5. Select the service for which you want to specify user data (**google** or **microsoft**).

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-039.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=14c86ea2ca81b069a0128bb7a7cdf743" alt="Consul oAuthClientConfiguration section showing google service with clientId and clientSecret keys" style={{ width:"66%" }} width="1033" height="570" data-path="images/vantage/private-cloud/misc-p01-039.png" />

6. Select the **clientId** key.
7. Copy and paste the Client ID value you saved earlier to the entry field and click **Save**.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-040.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=a82e3391be9b31fec7bf11248f8c9057" alt="Consul clientId value editor with Save button" style={{ width:"65%" }} width="1030" height="609" data-path="images/vantage/private-cloud/misc-p01-040.png" />

8. Repeat steps 6 and 7 for the **clientSecret** key.

If required, repeat steps 5 through 8 for a different email service.

9. Restart the **tokenmanagement** service by running the following command:

```bash theme={null}
kubectl -n abbyy-vantage rollout restart $(kubectl -n abbyy-vantage get deployments -l app.kubernetes.io/component=tokenmanagement -o name)
```

## Updating Client Secret

The Client secret value is used for server-side client identification and constitutes confidential information. For security purposes, this data should periodically be updated. Some services like Azure Active Directory limit the validity period for such data.

Once a new Client secret has been created, the value of the corresponding Consul key should also be updated.

<Warning>
  Once the Client secret is updated, users will need to set up connections to their email service in the Input activity of the Document skill from scratch. Otherwise, Vantage will not be able to connect to the mailbox and import emails from it.
</Warning>

### Updating the Client Secret in Google

1. Navigate to the Google Cloud Console and select the appropriate project.
2. In the menu on the left, select **APIs & Services > Credentials**.
3. In the **OAuth 2.0 Client IDs** section, select the identifier used to authenticate when connecting to the IMAP server.
4. Click **Reset secret**.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-041.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=371cd0fa1e3fa27c6fa9323430359699" alt="Google Cloud OAuth client details showing Reset Secret button" style={{ width:"75%" }} width="945" height="133" data-path="images/vantage/private-cloud/misc-p01-041.png" />

5. Click **Reset** in the pop-up dialog box. This will update the Client secret value and recall its previous value.
6. Download the JSON file containing the credentials. Alternatively, copy the Client secret value from the right side of the screen.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-042.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=52fd18b924cbb40357f60b952231b4e0" alt="Google Cloud OAuth client details showing Download JSON button and Client secret field" width="1529" height="327" data-path="images/vantage/private-cloud/misc-p01-042.png" />

### Updating the Client Secret in Microsoft Azure

1. Navigate to the **App registrations** page and select the application used for authentication using the IMAP server.

<img src="https://mintcdn.com/abbyy/vfngV6KHu21aRu9_/images/vantage/private-cloud/misc-p01-043.png?fit=max&auto=format&n=vfngV6KHu21aRu9_&q=85&s=ecf9bad9d9eb08a6681c72bf31b2f92d" alt="Azure App registrations page showing Owned applications list with Example App" width="1525" height="332" data-path="images/vantage/private-cloud/misc-p01-043.png" />

2. Navigate to the **Certificates & secrets** tab and click **New client secret**.
3. In the dialog box that will open, specify a name for the client secret and its expiration date.
4. Click **Add**. This will close the dialog and display information about the new client secret. It is important that you copy and save the **Value**, since you will not be able to access it again once you close the page.
5. If the current client secret has not expired yet, you can delete it in order to only be able to use the new client secret to identify the client.

### Updating the Client Secret in Consul

Follow the steps listed in [Passing Credentials to Consul](#passing-credentials-to-consul), omitting steps 6 and 7 (copying the clientId value).
