This problem analyzer makes it possible to deploy connected apps with unique consumer keys between orgs.
If you’re trying to deploy a connected app between orgs, you might come across a Gearset 'suggested fix' problem analyzer that warns:
Connected apps must have a unique 'consumerKey', and once set this value is not writable. Attempting to deploy 'consumerKey' as part of a connected app will usually cause the deployment to fail.
What triggers this problem analyzer?
If your connected app uses OAuth, then a unique consumer key is required - a value used by Salesforce to identify individual consumers. For those familiar with OAuth 2.0, this consumer key is an OAuth client_id.
If you create a connected app in Salesforce, a consumer key is generated automatically. These consumer keys are unique. Once set, they are no longer writable; Salesforce doesn’t let you edit or overwrite them.
As a result, it is not possible to deploy a consumer key from one org to another. Attempting to do so will trigger the Gearset problem analyzer, warning you that the deployment of your connected app is likely to fail.
How does Gearset help?
There’s an easy fix to this problem: don’t deploy the consumer key with your connected app. If you already have the connected app in your target org, the consumer key there will be left unaltered, and OAuth will continue to work as before. If the target org doesn’t include the connected app, Salesforce will generate a consumer key automatically - just as it does when you create a connected app manually.
Gearset suggests this fix when it detects a consumer key in your deployment. Simply leave the box checked and continue with the deployment.