JWT access tokenAnswered
I keep receiving a 400 Bad Request ("error": "invalid_grant") from the API when attempting to get an access token.
I'm posting to https://app.iformbuilder.com/exzact/api/oauth/token with assertion and grant_type parameters.
My JWT token looks like this:
And that parses fine on the jwt.io site.
Should I be replacing 'company.iformbuilder.com' with something else in the AUD? I've tried 'app.iformbuilder.com'.
I've also tried many variations of base64, base64 + URL encoding the assertion parameter, using x-www-form-urlencoded as well as form-data but just can't seem to get anything other than 'invalid_grant'.
What are some common mistakes for generating the JWT? I'm using C#:
public static string GenerateJwt(string plainTextSecurityKey, string plainTextSecuritySecret, string appliesToAddress)
var signingKey = new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes(plainTextSecuritySecret));
var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);
var startDate = new DateTime(1970, 01, 01);
var generatedOnSeconds = (DateTime.Now.ToUniversalTime() - startDate).TotalSeconds;
var endDate = DateTime.Now.AddMinutes(9).ToUniversalTime();
var expiresSeconds = (endDate - startDate).TotalSeconds;
var claimsIdentity = new ClaimsIdentity(new List<Claim>()
new Claim("exp", expiresSeconds.ToString()),
new Claim("iat", ((int)generatedOnSeconds).ToString())
var securityTokenDescriptor = new SecurityTokenDescriptor()
AppliesToAddress = "https://app.iformbuilder.com/exzact/api/oauth/token",
TokenIssuerName = plainTextSecurityKey,
Subject = claimsIdentity,
SigningCredentials = signingCredentials,
var tokenHandler = new JwtSecurityTokenHandler();
var plainToken = tokenHandler.CreateToken(securityTokenDescriptor);
var signedAndEncodedToken = tokenHandler.WriteToken(plainToken);
Hi Andrew, your payload is actually not built correctly.
The "aud" parameter needs to be "https://app.iformbuilder.com/exzact/api/oauth/token" for the environment you are trying to work with.
Hope that helps,
I have tried that already (you can see in the code sample above I've changed it to app.iformbuilder.com). Here is another JWT, still not working:
Perhaps I’m doing something wrong with the exp and iat values? I think I’m calculating them correctly from 1/1/1970 and using UTC, but I may not have it right.
Also, the .net library I'm using (System.IdentityModel.Tokens.Jwt) includes an nbf value which I can't seem to get rid of.
Its in the API code samples found here https://iformbuilder.zendesk.com/hc/en-us/articles/201989314--NET-Access-Token-generation-JWT-
Please sign in to leave a comment.