Just as with your own personal credentials for various accounts and websites, you should rotate your client credentials as well. Set an interval, say, every 6 months, or every major release (depending on the security needs of your application, this may be longer or shorter) where you will request a new client secret and invalidate your old one. This will minimize the impact in the case that your client secret gets leaked.
This is a good practice and one to take note of for production systems.
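The rotation policy in the highlight, sketched as an added example (not code from the book). `FakeAuthServer`, `ClientCredential`, `rotation_reason` and `rotate` are hypothetical names, and the in-memory server stands in for whatever credential management your provider offers. It checks both triggers the text names, secret age and a new major release, and requests the new secret before invalidating the old one.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import secrets

MAX_AGE = timedelta(days=182)  # "every 6 months" from the text; tune per application


@dataclass
class ClientCredential:
    client_id: str
    secret: str
    issued_at: datetime
    issued_for_major: int  # major release that was current when the secret was issued


class FakeAuthServer:
    """Hypothetical in-memory stand-in for a provider's credential management."""

    def __init__(self):
        self.valid = {}  # client_id -> set of secrets currently accepted

    def issue_secret(self, client_id):
        secret = secrets.token_urlsafe(32)
        self.valid.setdefault(client_id, set()).add(secret)
        return secret

    def revoke_secret(self, client_id, secret):
        self.valid[client_id].discard(secret)

    def accepts(self, client_id, secret):
        return secret in self.valid.get(client_id, set())


def rotation_reason(cred, now, current_major):
    """Return why the secret is due for rotation, or None if it is not."""
    if now - cred.issued_at >= MAX_AGE:
        return "max age reached"
    if current_major > cred.issued_for_major:
        return "new major release"
    return None


def rotate(server, cred, now, current_major):
    """Request a new secret first, then invalidate the old one."""
    new_secret = server.issue_secret(cred.client_id)  # if this raises, the old secret still works
    old_secret = cred.secret
    cred.secret, cred.issued_at, cred.issued_for_major = new_secret, now, current_major
    server.revoke_secret(cred.client_id, old_secret)  # a leaked old secret is now useless
    return cred
```

Running `rotation_reason` from a scheduled job and calling `rotate` when it returns a reason keeps the interval enforced rather than remembered.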