SAP Knowledge Base Article - Public

2668018 - Error message: "Unable to authenticate the client (Login failed - invalid user)" for Oauth Authentication


For the OAuth Token call using url: https://<>/oauth/token, getting below error message-

"errorHttpCode": "401",
"errorMessage": "Unable to authenticate the client (Login failed - invalid user)"


  • SAP Successfactors HXM Suite
    • OData API
      • OAuth 2.0


You should always use a VALID userId (rather than username) in your OAuth token request to avoid the 401 error message.

If you wish to use the user name or user e-mail instead of the userId to authenticate the call, please include the use_email = true or use_username = true parameter in the SAML assertion generation request payload. You may refer to Generating a SAML Assertion for more information.

NOTE: If you're passing the userId (not user name nor e-mail) and the userId is in e-mail format (, the authentication will fail. OAuth does not accept an userId in this format unless the 'use_email=true' parameter is used.


OAuth Authentication, Unable to authenticate the client (Login failed - invalid user), OAuth, Invalid user , KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT , Integrations , Problem


SAP SuccessFactors HXM Suite all versions