Server-to-Server Access Token Troubleshooting
JWT is not valid
Client authentication failed
Grant type is not set
Unknown/invalid scope(s): [open]
Invalid client errors
The invalid_client error appears if the JWT assertion is not correct. This error may occur if:
The JWT has expired or is invalid
The audience is wrong
The client ID is not found
The client_id or secret is invalid
JWT is not valid error
If the 'JWT expired' error (shown below) occurs, check the JWT claim values "exp" and "iat". Both values should be in seconds (epoch time), and "exp" should be in the future but less than the server-side configured time (i.e., 24 hrs).
{
"error_description": "JWT has expired or is not valid",
"error": "invalid_client"
}
Client authentication failed error
If the error shown below occurs, follow the steps below to correct it.
{
"error_description": "Client authentication failed",
"error": "invalid_client"
}
1. Make sure the realm value is correct.
2. Make sure the client_id and client_secret used in the JWT are correct.
3. Make sure that client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer (check for typos or any hidden special characters in the value).
4. Log the request and check all endpoints, parameter names and values. Check URL-encoded values to make sure they are accurate.
5. Make sure the correct endpoint is targeted.
6. If the first five steps do not resolve the error, delete the static values for grant_type, client_assertion_type, scope, realm, etc., and re-enter them manually so that copy and paste cannot introduce invisible special characters.
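The "exp"/"iat" checks from the JWT section and the parameter checks from the steps above can be run locally before a token request is sent. The Python below is an added example, not code from this documentation or the service it describes; the function names are hypothetical, the token is constructed sample input, and it assumes the 24 hr limit is measured from the current time.

```python
import base64, json, time

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
MAX_LIFETIME = 24 * 3600  # assumption: the 24 hr server-side limit the page cites

def sample_token(claims):
    """Constructed, unsigned token used only as sample input."""
    b64 = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "RS256"}), b64(claims), "constructed-signature"])

def jwt_claims(token):
    """Decode a compact JWT's payload without verifying it (diagnosis only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_claims(claims, now=None, max_lifetime=MAX_LIFETIME):
    now = int(time.time()) if now is None else now
    issues = []
    for name in ("exp", "iat"):
        value = claims.get(name)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            issues.append(f"{name} is missing or not a number")
        elif value > 10**11:  # epoch seconds stay below 1e11 for millennia
            issues.append(f"{name} looks like milliseconds, not seconds")
    if issues:
        return issues
    if claims["exp"] <= now:
        issues.append("exp is not in the future")
    elif claims["exp"] - now > max_lifetime:
        issues.append("exp is beyond the server-side limit")
    return issues

def check_params(params):
    issues = []
    for name, value in params.items():
        # Report code points only, so secrets in values are never echoed.
        odd = sorted({f"U+{ord(c):04X}" for c in name + value
                      if not (c.isascii() and c.isprintable())})
        if odd or value != value.strip():
            issues.append(f"{name}: hidden/non-ASCII characters {odd} or stray whitespace")
    if params.get("grant_type") != "client_credentials":
        issues.append("grant_type must be client_credentials")
    if params.get("client_assertion_type") != ASSERTION_TYPE:
        issues.append("client_assertion_type is not the jwt-bearer URN")
    return issues

if __name__ == "__main__":
    now = int(time.time())
    token = sample_token({"iat": now * 1000, "exp": (now + 300) * 1000})  # ms bug
    print(check_claims(jwt_claims(token), now))
    print(check_params({"grant_type": "client_credentials",
                        "client_assertion_type": ASSERTION_TYPE + "\u200b"}))
```

The payload is decoded without signature verification, which is acceptable only for inspecting a token you generated yourself.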
Invalid request error
If the error shown below occurs, check that grant_type is set and that its value is client_credentials.
{
"error_description": "Grant type is not set",
"error": "invalid_request"
}
Invalid scope error
If the error shown below occurs, check that the scope is set correctly.
{
"error_description": "Unknown/invalid scope(s): [open]",
"error": "invalid_scope"
}