The client_assertion_type is invalid

I’m following Get an access token | Okta Developer and have completed the below steps successfully:

  1. Generated JSON Web Key Pairs Sets
  2. Previously generated keys have been used to create a service through the API
  3. Access granted to okta.users.read scope
  4. JWT string has been signed

and after that I’m getting the below error which says client_assertion_type is invalid

curl -X POST "https://dev-76039829.okta.com/oauth2/default/v1/token" \
    -H "Accept: application/json" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials \
&scope=okta.users.read \
&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer \
&client_assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.......CsJGaHPEAP_iTitdeeBzi7uA4fluLZHJGVRWSn-JLEg"

{"error":"invalid_client","error_description":"The client_assertion_type is invalid."}%

I have checked the allowed client_assertion_type types, and it looks correct. The only issue I noticed is that the Application, the moment it is created through the API, doesn’t get a client secret assigned.

Does anybody have any clue about what could be wrong?

Hi @ariel.mendoza,

If you’re following this guide to Implement OAuth For Okta, you should be calling https://dev-76039829.okta.com/oauth2/v1/token instead of https://dev-76039829.okta.com/oauth2/default/v1/token (Remove default from the token URI)
Let us know if that works.
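
A pre-flight check for the request discussed in this thread, as an added example that is not part of the original posts or of Okta's own code: it flags an okta.* scope sent to a token endpoint other than /oauth2/v1/token, compares the assertion's aud claim with the URL being called, and builds the form body with urlencode so that no whitespace from shell line continuations ends up in a parameter value. The function names, the CLIENT_ID placeholder and the unsigned sample JWT are constructed for illustration, and the rule that aud must equal the token URL is an assumption.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def jwt_claims(jwt):
    """Decode the (unverified) payload segment of a compact JWT."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(token_url, scope, assertion):
    """Return a list of problems found in a client_credentials request."""
    problems = []
    path = urlsplit(token_url).path
    # Okta API scopes (okta.*) are requested from the org authorization server,
    # whose token endpoint is /oauth2/v1/token with no server id in the path.
    if any(s.startswith("okta.") for s in scope.split()) and path != "/oauth2/v1/token":
        problems.append("okta.* scope requires /oauth2/v1/token, got " + path)
    # Assumption: the assertion's aud claim names the token endpoint being called.
    aud = jwt_claims(assertion).get("aud")
    if aud != token_url:
        problems.append("assertion aud %r does not match token URL" % aud)
    return problems

def form_body(scope, assertion):
    """Encode the form fields; each value is percent-encoded exactly as given."""
    return urlencode({
        "grant_type": "client_credentials",
        "scope": scope,
        "client_assertion_type": ASSERTION_TYPE,
        "client_assertion": assertion,
    })

def make_unsigned_jwt(claims):
    """Constructed sample assertion with a placeholder signature segment."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2lnbmF0dXJl"])

ORG_URL = "https://dev-76039829.okta.com/oauth2/v1/token"
CUSTOM_URL = "https://dev-76039829.okta.com/oauth2/default/v1/token"
SAMPLE = make_unsigned_jwt({"iss": "CLIENT_ID", "sub": "CLIENT_ID", "aud": ORG_URL})

if __name__ == "__main__":
    print(preflight(CUSTOM_URL, "okta.users.read", SAMPLE))  # endpoint and aud problems
    print(preflight(ORG_URL, "okta.users.read", SAMPLE))     # no problems
    print(form_body("okta.users.read", SAMPLE))
```

The payload is decoded without signature verification, so the check is only a local sanity test of a request you built yourself, not a validation of a received token.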
