The issuer claim for client_assertion is not a valid client_id

I am trying to get a token after creating a Service App using the /clients endpoint, as mentioned in the following guide:
https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/get-access-token/

But I am getting an error message in the response:
{
  "error": "invalid_client",
  "error_description": "The issuer claim for client_assertion is not a valid client_id."
}

Following are the Postman request details:

curl --location --request POST 'https://dev-16996884.okta.com/oauth2/v1/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--header 'Cookie: JSESSIONID=9C5D3205FBE1E18E9EB0C868018D775A' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=okta.users.read' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovL2Rldi0xNjk5Njg4NC5va3RhLmNvbS9vYXV0aDIvdjEvdG9rZW4iLCJpc3MiOiIwb2FyOTV6dDl6SXBZdXo2QTBoNyIsInN1YiI6IjBvYXI5NXp0OXpJcFl1ejZBMGg3IiwiZXhwIjoxNjE4NTk1MzQ5fQ.MKxBu00utkWVmoeBAM7bR-ZOGICCbQXcvGDa3TXpSHbO-rKLlM5mK1Y8g30THHBbX3WPpI3Rqh1DTyOwwENcvDSJ6jlYhWORlUYDgbdxLmGEFJYwQj_rKrOYcsIJVdcPaQXcN09yZSkMMM3tm5QkEky3nQZIDaWm0zitbzybYXtYFp2I7WGYaGB7cakf5uiaS4k3be_v9TgVJzW16HidVHbHeDzq9Gq5neuqU5v1Wjj-7NI0LTrfKNypmVcC-ne58nUXaWUN4_3Z1Z3QBu5knqTQKflDZPkLuj-0cwGJf62jsrBcY8gD0i8IY0vu3ZnBkfWTV3Y9X1BoDdmUbJ5swA' \
--data-urlencode 'client_id=0oaldn4icBNIZZxsT5d6'

Not sure what is going wrong here. As per the steps in the above guide, Client_Id was not given in the request. I still gave it, as I was getting an invalid client id error message.
Any help here is appreciated.

If you go to https://jwt.io/ and paste in the client_assertion you mentioned above, you’ll see the value that’s being sent for issuer.

When you create and sign the JWT in the previous step, you need to be sure to include the clientId of the app as the issuer.

You can find this value by doing the following:

  1. Log in to your Okta admin dashboard
  2. Navigate to your application
  3. Find your service app. The clientId is listed under the application name
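The check the answer describes can also be done locally before calling the token endpoint. The following is an added example, not part of the original posts or of Okta's code: it decodes the unverified payload of a client_assertion and compares its claims with the client_id being sent. The function names are hypothetical, and the sample token is constructed and unsigned, carrying the claim values that the assertion posted above decodes to.

```python
import base64
import json
import time


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def check_client_assertion(assertion, client_id, token_url, now=None):
    """Return a list of problems in the unverified claims (empty if none)."""
    parts = assertion.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:
        return [f"payload is not base64url-encoded JSON: {exc}"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    now = time.time() if now is None else now
    problems = []
    for name in ("iss", "sub"):  # both must carry the app's client_id
        if claims.get(name) != client_id:
            problems.append(f"{name}={claims.get(name)!r} does not match client_id {client_id!r}")
    aud = claims.get("aud")
    if token_url not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud={aud!r} is not the token endpoint")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"exp={exp!r} is missing or in the past")
    return problems


def sample_assertion(claims: dict) -> str:
    # Constructed, unsigned sample: the signature segment is a dummy value.
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([b64url_encode(json.dumps(header).encode()),
                     b64url_encode(json.dumps(claims).encode()), "c2ln"])


if __name__ == "__main__":
    url = "https://dev-16996884.okta.com/oauth2/v1/token"
    token = sample_assertion({"aud": url, "iss": "0oar95zt9zIpYuz6A0h7",
                              "sub": "0oar95zt9zIpYuz6A0h7", "exp": 1618595349})
    for problem in check_client_assertion(token, "0oaldn4icBNIZZxsT5d6", url, now=1618595000):
        print(problem)
```

This only inspects claims; it does not verify the signature, so it is a debugging aid for the sender, not a validation step for a receiver.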