Forum Discussion
More than one ClientSecret or even ClientID per website - best practice?
If a website uses OAuth2 to authenticate on several pages (Contact page, PayPal IPN call-back, purchase notification to buyer and so on), is it regarded as best practice to use different ClientSecret...
Not sure if that's an actual "best practice", however, please consider it might also make it more difficult to track any audit logs for such apps. Generally, I've just used a single Azure AD app to do it all. You might consider using different apps in case of different teams doing some kind of work and the permissions they need are different as well.