New Size Requirement for OAuth 2.0 Connected App Client Secrets
When you create a connected app, Salesforce generates the value for the consumer secret (referred to as the client secret in OAuth 2.0). For security reasons, we increased the minimum size requirement from at least 8 characters to 32. We also changed the format of the generated secret. If you replaced the Salesforce generated secret with your own through Metadata API, check its size.
Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.