OAuth 2.0 Connected App Client Secrets Require More Characters
When you create a connected app, Salesforce generates the value for the consumer secret (referred to as the client secret in OAuth 2.0). For security reasons, we increased the minimum size requirement: The client secret must be at least 32 characters. This change doesn’t affect existing OAuth 2.0 connected apps. We also changed the format of the generated secret. As of Spring ’19, if you replace the Salesforce-generated secret with your own using Metadata API, make sure that the size is at least 32 characters.
Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.