Effective from June 30th 2026 – XSUAA Deprecation of GET Method for OAuth Token Retrieval

Effective June 30th, the Authorization and Trust Management (XSUAA) Service will deprecate the use of the HTTP GET method for access token retrieval via the /oauth/token endpoint.

Going forward, only the HTTP POST method will be supported, in alignment with the OAuth 2.0 specification (RFC 6749). This change ensures standardized and secure handling of token requests across all environments.

What Is Changing?

Previously, some implementations used the GET method to request access tokens:

GET /oauth/token?grant_type=client_credentials&response_type=token
Authorization: Basic <clientid:clientsecret>

This approach is not compliant with RFC 6749 and is now being deprecated.

The correct and supported approach is to use the POST method:

POST /oauth/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <clientid:clientsecret>

grant_type=client_credentials

In VS Code – REST Client Extension

# Parameters go in the form body, not in the query string
# @name login
POST {{host}}/oauth/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic {{clientid}}:{{clientsecret}}

grant_type=client_credentials

###
# Reuse the token returned by the named request above
@accessToken = {{login.response.body.access_token}}


Impact

If any of your applications:

  • Uses GET requests to /oauth/token
  • Passes parameters via query string

Then your implementation will stop working after June 30th.
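
One way to check a call against the two conditions listed above and to build the supported POST request, as an added example that is not part of the original post or SAP's own code. The function names and the example.invalid host are assumptions made for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request


def audit_token_call(method, url):
    """Return the reasons a call to /oauth/token is affected by the change."""
    parts = urllib.parse.urlsplit(url)
    if not parts.path.endswith("/oauth/token"):
        return []
    findings = []
    if method.upper() != "POST":
        findings.append(f"uses {method.upper()} instead of POST")
    if parts.query:
        names = sorted(urllib.parse.parse_qs(parts.query, keep_blank_values=True))
        findings.append("passes parameters in the query string: " + ", ".join(names))
    return findings


def build_token_request(token_url, client_id, client_secret):
    """Build the client_credentials request in the POST form shown above."""
    if urllib.parse.urlsplit(token_url).query:
        raise ValueError("token URL must not carry a query string")
    # HTTP Basic: the header value is base64("clientid:clientsecret")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # grant_type travels in the form-encoded body, never in the URL
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        token_url,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def fetch_access_token(token_url, client_id, client_secret, timeout=10):
    """Send the request and return the access_token field of the JSON response."""
    req = build_token_request(token_url, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]
```

`audit_token_call` can be run over the method and URL pairs taken from your own client code or outbound request logs; `fetch_access_token` is the only function that touches the network.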

By ali