RocketChat · ggazzo · Sep 17, 2025 · Sep 1, 2025 · Sep 1, 2025 · Sep 1, 2025
diff --git a/.changeset/poor-trains-mate.md b/.changeset/poor-trains-mate.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': major
+---
+
+Removes deprecated `appId` parameter from the `oauth-apps.get` endpoint.
diff --git a/apps/meteor/app/api/server/v1/oauthapps.ts b/apps/meteor/app/api/server/v1/oauthapps.ts
@@ -8,7 +8,6 @@ import {
 } from '@rocket.chat/rest-typings';
 
 import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
-import { apiDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger';
 import { addOAuthApp } from '../../../oauth2-server-config/server/admin/functions/addOAuthApp';
 import { deleteOAuthApp } from '../../../oauth2-server-config/server/admin/methods/deleteOAuthApp';
 import { updateOAuthApp } from '../../../oauth2-server-config/server/admin/methods/updateOAuthApp';
@@ -88,7 +87,7 @@ const UpdateOAuthAppParamsSchema = {
 
 const isUpdateOAuthAppParams = ajv.compile<UpdateOAuthAppParams>(UpdateOAuthAppParamsSchema);
 
-type OauthAppsGetParams = { clientId: string } | { appId: string } | { _id: string };
+type OauthAppsGetParams = { clientId: string } | { _id: string };
 
 const oauthAppsGetParamsSchema = {
 	oneOf: [
@@ -112,16 +111,6 @@ const oauthAppsGetParamsSchema = {
 			required: ['clientId'],
 			additionalProperties: false,
 		},
-		{
-			type: 'object',
-			properties: {
-				appId: {
-					type: 'string',
-				},
-			},
-			required: ['appId'],
-			additionalProperties: false,
-		},
 	],
 };
 
@@ -292,10 +281,6 @@ const oauthAppsEndpoints = API.v1
 				return API.v1.failure('OAuth app not found.');
 			}
 
-			if ('appId' in this.queryParams) {
-				apiDeprecationLogger.parameter(this.route, 'appId', '7.0.0', this.response);
-			}
-
 			return API.v1.success({
 				oauthApp,
 			});

diff --git a/apps/meteor/tests/end-to-end/api/oauthapps.ts b/apps/meteor/tests/end-to-end/api/oauthapps.ts
@@ -212,24 +212,6 @@ describe('[OAuthApps]', () => {
 				});
 		});
 
-		it('should return a single oauthApp by appId (deprecated)', () => {
-			return request
-				.get(api('oauth-apps.get'))
-				.query({ appId: _id })
-				.set(credentials)
-				.expect(200)
-				.expect((res) => {
-					expect(res.body).to.have.property('success', true);
-					expect(res.body).to.have.property('oauthApp');
-					expect(res.body.oauthApp._id).to.be.equal(_id);
-					expect(res.body.oauthApp.clientId).to.be.equal(clientId);
-					expect(res.body.oauthApp).to.have.property('clientSecret');
-					if (clientSecret) {
-						expect(res.body.oauthApp.clientSecret).to.be.equal(clientSecret);
-					}
-				});
-		});
-
 		it('should return only non sensitive information if user does not have the permission to manage oauth apps when searching by clientId', async () => {
 			await updatePermission('manage-oauth-apps', []);
 			await request
@@ -262,22 +244,6 @@ describe('[OAuthApps]', () => {
 				});
 		});
 
-		it('should return only non sensitive information if user does not have the permission to manage oauth apps when searching by appId (deprecated)', async () => {
-			await updatePermission('manage-oauth-apps', []);
-			await request
-				.get(api('oauth-apps.get'))
-				.query({ appId: _id })
-				.set(credentials)
-				.expect(200)
-				.expect((res) => {
-					expect(res.body).to.have.property('success', true);
-					expect(res.body).to.have.property('oauthApp');
-					expect(res.body.oauthApp._id).to.be.equal(_id);
-					expect(res.body.oauthApp.clientId).to.be.equal(clientId);
-					expect(res.body.oauthApp).to.not.have.property('clientSecret');
-				});
-		});
-
 		it('should fail returning an oauth app when an invalid id is provided (avoid NoSQL injections)', () => {
 			return request
 				.get(api('oauth-apps.get'))
@@ -329,32 +295,6 @@ describe('[OAuthApps]', () => {
 					expect(res.body).to.have.property('error', 'OAuth app not found.');
 				});
 		});
-
-		it('should fail returning an oauth app when an invalid appId is provided (avoid NoSQL injections; deprecated)', () => {
-			return request
-				.get(api('oauth-apps.get'))
-				.query({ appId: { $ne: '' } })
-				.set(credentials)
-				.expect(400)
-				.expect((res) => {
-					expect(res.body).to.have.property('success', false);
-					expect(res.body).to.have.property('errorType', 'error-invalid-params');
-					expect(res.body).to.have.property('error');
-					expect(res.body.error).to.include('must be string').and.include('must match exactly one schema in oneOf');
-				});
-		});
-
-		it('should fail returning an oauth app when an invalid appId string is provided (avoid NoSQL injections; deprecated)', () => {
-			return request
-				.get(api('oauth-apps.get'))
-				.query({ appId: '{ "$ne": "" }' })
-				.set(credentials)
-				.expect(400)
-				.expect((res) => {
-					expect(res.body).to.have.property('success', false);
-					expect(res.body).to.have.property('error', 'OAuth app not found.');
-				});
-		});
 	});
 
 	describe('[/oauth-apps.update]', () => {