Juan TL

Expired Authorization Code using the JWT Bearer Token Flow

I am stuck trying to obtain a token via the JWT Bearer Token Flow. I followed the steps here https://dreamevent.secure.force.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5

1. Created the connected app and generated a JWT Bearer Token using the sample code provided by Salesforce

2. Authorised the app via the browser successfully with a POST request like the below


3. Now trying to execute this from Postman using the below


 I keep on receiving the error 
    "error": "invalid_grant",
    "error_description": "expired authorization code"

Anybody experienced this previously? I would be grateful for help on this
Hi Juan, Could you overcome this error: expired authorization code?
I'm with the same problem.
Could anyone help us? 
For me it worked when I downloaded the log file from the Salesforce org and pasted the JWT assertion into Postman. Before, I was copying the assertion from the screen, but Salesforce truncates it. It was my mistake that time.

oauth2/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={{JWT Assertion from Log File}}
Hi Alvaro,

I was able to fix that issue. My expiration date was 3 seconds and now it is an entire day. But I got stuck on another problem.

    "error": "invalid_request",
    "error_description": "refresh_token scope is required and the connected app should be installed and preauthorized."

I already pre-authorized the Connected App for System Administrator by going to Connected App -> Manage -> Manage Profiles. I also changed the policy to "Admin approved users are pre-authorized". And I still receive the same response.
Using the sfdx and the same jwt token I was able to authorize. But on postman I get that response. This is really weird.

That is weird... Did you create the Connected App with the following scopes?

Selected OAuth Scopes?

- Access your basic information (id, profile, email, address, phone)
- Access and manage your data (api)
- Perform requests on your behalf at any time (refresh_token, offline_access)

I had my Connected App with scope Full Access. I thought that was saying that I have the right to do everything. But it turns out that I didn't. I added all the other scopes, including "Perform requests on your behalf at any time (refresh_token, offline_access)", and it worked!
Thank you Alvaro Costa.
Add me on LinkedIn: Allan Oricil.
suneel varma
    "error": "invalid_grant",
    "error_description": "expired authorization code"

Above is the error message from Postman.
To resolve this issue I changed the payload --> "exp": "<currenttimestampvalue>"
  "iss": "<client secret>",
  "sub": "",
  "aud": "https://test.salesforce.com",
  "exp": "1604476165"

finally success message on postman
    "access_token": "00D1l0000000UlK!AR0AQOrufHlVZPRGcwysZE.U8Q4946XXd.nffBUoLoGbPkOXPsZFP0Ay9N4UlE_djzgYvcnjqFTL16R0ICsQ.y37XzzUlU0a",
    "scope": "web api",
    "instance_url": "https://infiniti--RNDev.my.salesforce.com",
    "id": "https://test.salesforce.com/id/00D1l0000000UlKEAU/0051l000003JkXWAA0",
    "token_type": "Bearer"
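
A pre-flight check for the two causes reported in this thread (an assertion cut short when copied, and an `exp` claim already in the past), written as an added example that is not part of any post or of Salesforce's sample code. The function names, the sample claims and the RSA signature-length heuristic are assumptions, and the check does not verify the signature.

```python
import base64
import json
import time

RSA_SIG_BYTES = (256, 384, 512)  # assumption: RS256 with a 2048/3072/4096-bit key

def b64url_decode(seg):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_assertion(assertion, now=None):
    """Return a list of problems with a JWT bearer assertion (empty list = none found)."""
    now = time.time() if now is None else now
    parts = assertion.strip().split(".")
    if len(parts) != 3 or not all(parts):
        return ["expected three non-empty segments (truncated copy?)"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
    except ValueError:
        return ["segment is not valid base64url JSON (truncated copy?)"]
    problems = []
    if len(sig) not in RSA_SIG_BYTES:
        problems.append(f"signature is {len(sig)} bytes (truncated copy?)")
    problems += [f"claim {c!r} missing or empty" for c in ("iss", "sub", "aud", "exp") if not claims.get(c)]
    exp = claims.get("exp")
    if exp:
        try:
            if int(exp) <= now:
                problems.append(f"exp passed {int(now - int(exp))} s ago")
        except (TypeError, ValueError):
            problems.append("exp is not a Unix timestamp")
    return problems

def sample_assertion(claims, sig_len=256):
    # Constructed sample: dummy all-zero signature, never accepted by a server.
    header = b64url_encode(json.dumps({"alg": "RS256"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url_encode(bytes(sig_len))}"

if __name__ == "__main__":
    claims = {"iss": "<consumer key>", "sub": "user@example.com",
              "aud": "https://test.salesforce.com", "exp": int(time.time()) + 120}
    token = sample_assertion(claims)
    print(check_assertion(token), check_assertion(token[:-40]))
```

Run it on the exact string that will go into the `assertion` parameter, so a copy that lost its tail is caught before the token endpoint answers `invalid_grant`.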