What's changing#
The /v1/oauth/token endpoint currently returns HTTP 201 Created on success. On May 26, 2026, this will change to HTTP 200 OK.
Why#
OAuth 2.1 (section 3.2.3) mandates a 200 response from token endpoints. Returning 201 is non-compliant and has caused token exchange failures with some strict OAuth clients.
Am I affected?#
You're only affected if your integration explicitly checks for a 201 status code from this endpoint. For example, the following popular client implementations check for a successful 2XX range and are unaffected:
- MCP TypeScript SDK — uses
response.ok - Vercel AI SDK (
@ai-sdk/mcp) — usesresponse.ok - axios — resolves for any 2XX by default
If you're unsure, search your codebase for explicit 201 checks against this endpoint.
What should I do?#
Rather than hardcoding a check for either 200 or 201, we recommend checking for a successful 2XX response range — e.g. response.ok in the Fetch API. This is consistent with how popular OAuth client libraries handle token responses and will be resilient to either status code.
Timeline#
| Date | Event |
|---|---|
| May 1, 2026 | Announcement published |
| May 26, 2026 | Change takes effect |