@Lily ,
Thanks for reaching out to Q&A.
Managed identities can be used to replace oauth, however key rotation would still be applicable. Key rotation becomes an overhead if you had to do it manually as it requires modifying the code however Managed identity makes it simple as it handles key rotation automatically.
I hope you are aware of user assigned and system assigned managed identity. When a managed identity for any Azure Resource is created, it is termed as the System-Assigned Managed Identity. Once the System-Assigned Managed Identity for a resource is created in AAD, a service principal with the name same as the Azure resource gets created . Each Service Principal has its own client secret using which the AAD authenticates and validates that its a service principal known to itself. Azure automatically rotates the identity by updating this client secret in the backend, and saves the application admin from creating a new secret every time it expires.
If you are looking to avoid key rotation then it cannot be avoided unfortunately. However it can be done automatically using Managed identity and the authentication-managed-identity policy can be used to authenticate with a backend service using the managed identity
I hope this helps!
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.