OAuth 2.0 Connected App Client Secrets Require More Characters

When you create a connected app, Salesforce generates the value for the consumer secret (referred to as the client secret in OAuth 2.0). For security reasons, we increased the minimum size requirement from at least 8 characters to 32. We also changed the format of the generated secret. As of Spring ’19, if you replace the Salesforce-generated secret with your own using Metadata API, make sure that the size is at least 32 characters. This change does not affect existing OAuth 2.0 connected apps.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.