Ephemeral tokens generated with the original secret key, say, for password resets or mailing list unsubscribe, will be invalid.
Users will be logged out as their sessions IDs will be invalid
Hashed tracking IDs in logs generated prior to the update will have a different obfuscated session id. This is less important because of item 2.
The obscured ids used in proctoring will also change. This impacts Proctortrack proctored learners directly. After the secrets change, the learner who user the old secret to establish their onboarding profile will fail graded exams because new user_id does not find the right onboarding profile. Created In MST-637 we changed proctoring to use a different non-rotatable key, and MST-639 to protect against this covers making this new secret rotatable.
MFEs that don’t properly handle auth endpoints suddenly requiring re-auth will see a spike in JS errors until users have logged back into the LMS.