The issuer and subject claim for client_assertion is invalid because the client does not have a client secret

I have created app using steps mentioned at :

App is created successfully but app doesn’t have client secret when I check that on okta dashboard.

Now I followed the steps mentioned at https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/get-access-token/

it fails with following error:
Error:

{
“error”: “invalid_client”,
“error_description”: “The issuer and subject claim for client_assertion is invalid because the client does not have a client secret.”
}

Take a look at the “alg” claim in the header of the client_assertion jwt that you are passing to the /token endpoint. I suspect that you are probably using a HMAC signing algorithm (HS*), rather than a private-key based algorithm like RS256.

Here is screen shot for my test project

Those are the signing keys that you intend to use to sign your client_assertion token. You need to look at the actual token being provided in the token request being made to Okta.

When I am making following request for gettoken, i am getting error: [The issuer and subject claim for client_assertion is invalid because the client does not have a client secret]

curl -X POST "https://{yourOktaDomain}/oauth2/v1/token"
    -H "Accept: application/json"
    -H "Content-Type: application/x-www-form-urlencoded"
    -d "grant_type=client_credentials \
    &scope=okta.users.read \
    &client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer \
    &client_assertion=eyJhbGciOiJSUzI1…..feCJfSqsJeEKGjJqp1accnXpPbCSi1-2UQ"

Hi @fordevelopment2019,

Could you please email to developers@okta.com with the details so that one of our Engineers can help you with further troubleshooting ?