Restrict OAuth parameters to POST body [New in Security Center 1.3]

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • Use the glide.oauth.allow.parameters.in.post.body.only property to control the inbound OAuth authentication's acceptance of access tokens. Access tokens are sensitive and should only be accepted when located within a POST request body.

    More information

    Attribute: Description
    Configuration name: glide.oauth.allow.parameters.in.post.body.only
    Configuration type: System Properties (/sys_properties_list.do)
    Data type: Boolean
    Recommended value: true
    Default value: true
    Category: Data protection
    Security risk:
    • Severity score: 4.2
    • CVSS score: Medium
    • Security risk details: If glide.oauth.allow.parameters.in.post.body.only isn't set to the recommended value of true, access tokens could be present in the GET request parameter. These access tokens could linger in client and infrastructure logs and potentially lead to account takeover if those logs are leaked.
    Dependencies and prerequisites: None
    References:
    Functional impact: Ensures that the oauth_token.do processor accepts only POST body parameters as input for all supported grant types.
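
The following is an added example, not ServiceNow code: a log audit for the exposure described under Security risk, which finds requests to oauth_token.do that carried OAuth secrets in the URL and redacts them for reporting. The combined access-log format, the list of parameter names (standard OAuth 2.0 names), the function names, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Standard OAuth 2.0 parameter names (RFC 6749) that must not appear in a URL.
SENSITIVE = {"access_token", "refresh_token", "client_secret", "password", "code"}

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; tokens and addresses are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2026:10:01:02 +0000] "GET /oauth_token.do?grant_type=refresh_token&client_id=abc&client_secret=s3cr3t&refresh_token=RTOK123 HTTP/1.1" 200 512
198.51.100.7 - - [12/Mar/2026:10:01:05 +0000] "POST /oauth_token.do HTTP/1.1" 200 498
198.51.100.9 - - [12/Mar/2026:10:02:11 +0000] "GET /api/now/table/incident?sysparm_limit=1 HTTP/1.1" 200 2048
198.51.100.9 - - [12/Mar/2026:10:03:40 +0000] "POST /oauth_token.do?grant_type=password&password=hunter2 HTTP/1.1" 401 120
"""

def audit_line(line, endpoint="/oauth_token.do"):
    """Return (method, leaked parameter names, redacted line), or None if clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != endpoint or not parts.query:
        return None
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = sorted({k for k, _ in pairs if k.lower() in SENSITIVE})
    if not leaked:
        return None
    # Rebuild the query with secret values masked so the finding can be shared.
    safe_query = "&".join(
        f"{k}=[REDACTED]" if k.lower() in SENSITIVE else f"{k}={v}" for k, v in pairs)
    return m.group("method"), leaked, line.replace(parts.query, safe_query)

def audit_log(text):
    """Audit every line; a POST with secrets in its query string is flagged too."""
    return [r for r in map(audit_line, text.splitlines()) if r]

if __name__ == "__main__":
    for method, leaked, redacted in audit_log(SAMPLE_LOG):
        print(f"{method} leaked {', '.join(leaked)}\n  {redacted}")
```

Any hit means a credential has already been written to a log and should be treated as exposed, whatever response status the request received.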