Juan TL

Expired Authorization Code using the JWT Bearer Token Flow

I am stuck trying to obtain a token via the JWT Bearer Token Flow. I followed the steps here https://dreamevent.secure.force.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5

1. Created the connected app and generated a JWT Bearer Token using the sample code provided by Salesforce

2. Authorised the app via the browser successfully with a POST request like the below

https://test.salesforce.com/services/oauth2/authorize?response_type=code&client_id=3MVG9KlmwBKoC7U3w7pS2H7mWZgOv7hyIA9Tj...90JmPpk&redirect_uri=https://test.salesforce.com/services/oauth2/success

3. Now trying to execute this from Postman using the below

https://test.salesforce.com/services/oauth2/token?assertion=e...ip5reUNICJbwa_tEDErguFZuSVjv8_eaO_wM6D9cM6ycAA73YBcw&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer

 I keep on receiving the error 
    "error": "invalid_grant",
    "error_description": "expired authorization code"

Anybody experienced this previously? I would be grateful for help on this.
AlvaroCosta
Hi Juan, Could you overcome this error: expired authorization code?
allan31
I'm having the same problem.
Could anyone help us?
AlvaroCosta
For me it worked when I downloaded the log file from the Salesforce org and pasted the JWT assertion into Postman. Before, I was copying the assertion from the screen, but Salesforce truncates it. It was my mistake that time.

oauth2/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={{JWT Assertion from Log File}}
allan31
Hi Alvaro,

I was able to fix that issue. My expiration date was 3 seconds and now it is an entire day. But I got stuck on another problem.

{
    "error": "invalid_request",
    "error_description": "refresh_token scope is required and the connected app should be installed and preauthorized."
}

I already pre-authorized the Connected App for System Administrator by going to Connected App -> Manage -> Manage Profiles. I also changed the policy to "Admin approved users are pre-authorized". And I still receive the same response.
allan31
Using sfdx and the same JWT token, I was able to authorize. But in Postman I get that response. This is really weird.
AlvaroCosta

That is weird... Did you create the Connected App with the following scopes?

Selected OAuth Scopes?

- Access your basic information (id, profile, email, address, phone)
- Access and manage your data (api)
- Perform requests on your behalf at any time (refresh_token, offline_access)

allan31
I had my Connected App with scope Full Access. I thought that was saying that I have the right to do everything. But it turns out that I didn't. I added all the other scopes, including the "Perform requests on your behalf at any time (refresh_token, offline_access)" and it worked!
Thank you Alvaro Costa.
Add me on LinkedIn: Allan Oricil.
suneel varma
{
    "error": "invalid_grant",
    "error_description": "expired authorization code"
}

The above is the error message from Postman.
To resolve this issue, I changed the payload --> "exp": "<currenttimestampvalue>"
Example:
{
 "is": "<client secret>",
  "sub": "",
  "aud": "https://test.salesforce.com",
  "exp": "1604476165"
}

Finally, the success message in Postman:
{
    "access_token": "00D1l0000000UlK!AR0AQOrufHlVZPRGcwysZE.U8Q4946XXd.nffBUoLoGbPkOXPsZFP0Ay9N4UlE_djzgYvcnjqFTL16R0ICsQ.y37XzzUlU0a",
    "scope": "web api",
    "instance_url": "https://infiniti--RNDev.my.salesforce.com",
    "id": "https://test.salesforce.com/id/00D1l0000000UlKEAU/0051l000003JkXWAA0",
    "token_type": "Bearer"
}
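
The two causes reported in this thread for `expired authorization code` (an assertion truncated when copied from the screen, and an `exp` that is in the past or only seconds away) can be checked locally before the token request is sent. The following is an added example, not code from any poster or from Salesforce; `diagnose_assertion`, `make_sample`, the 256-byte signature length (RS256 with a 2048-bit key) and the 30-second minimum lifetime are assumptions, and the sample tokens are constructed with dummy signatures.

```python
import base64
import json
import time

def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def diagnose_assertion(assertion, now=None, min_sig_bytes=256, min_lifetime=30):
    """Return a list of problems found in a JWT bearer assertion (empty = none found)."""
    now = time.time() if now is None else now
    parts = assertion.strip().split(".")
    if len(parts) != 3 or not all(parts):
        return ["not a three-part JWT: the value was cut or mis-copied"]
    try:
        _header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
        signature = b64url_decode(parts[2])
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return ["a segment is not valid base64url JSON: likely truncated"]
    problems = []
    # Assumption: RS256 with a 2048-bit key, so the signature is 256 bytes.
    if len(signature) < min_sig_bytes:
        problems.append(f"signature is {len(signature)} bytes, expected >= {min_sig_bytes}: truncated")
    try:
        exp = int(claims["exp"])  # accepts 1604476165 and "1604476165"
    except (KeyError, TypeError, ValueError):
        return problems + ["exp claim is missing or not a Unix timestamp"]
    if exp <= now:
        problems.append(f"exp is {int(now - exp)}s in the past")
    elif exp - now < min_lifetime:  # min_lifetime is an assumed safety margin
        problems.append(f"exp is only {int(exp - now)}s away: may expire in transit")
    return problems

def make_sample(exp, sig_len=256):
    # Constructed sample: placeholder claims and an all-zero dummy signature.
    head = b64url_encode(json.dumps({"alg": "RS256"}).encode())
    claims = {"iss": "<consumer key>", "aud": "https://test.salesforce.com", "exp": exp}
    return f"{head}.{b64url_encode(json.dumps(claims).encode())}.{b64url_encode(bytes(sig_len))}"

if __name__ == "__main__":
    now = 1604476000  # constructed "current time"
    for label, token in [("ok", make_sample("1604476165")),
                         ("3s lifetime", make_sample(now + 3)),
                         ("cut signature", make_sample(now + 165)[:-200])]:
        print(label, diagnose_assertion(token, now=now))
```

The check inspects structure and `exp` only; it does not verify the signature, so an empty result means the assertion is intact and unexpired, not that the server will accept it.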