JWT authentication errors

You may run into some of these errors when building out your authentication code via the Redox Platform API.

Example error

An error response may look like this:

Common error descriptions

You may come across any of the following error_descriptions. We provide some notes below about the reasons for these errors or instructions for how to fix them.

Error description
x-www-form-urlencoded content-type required
The content-type header needs to be application/x-www-form-urlencoded when POSTing to the /v2/auth/token endpoint.
Missing grant_type parameter or The grant_type parameter should equal 'client_credentials'
The request body needs a key of grant_type set to client_credentials per the OAuth 2.0 specification.
Missing client assertion type or Invalid client assertion type
The request body needs the client_assertion_type parameter with the value: urn:ietf:params:oauth:client-assertion-type:jwt-bearer. Learn more about rfc7523.
Missing client assertion
The request body needs the parameter client_assertion with the value of your signed JWT.
JWT header kid property is required
We require that a kid property be sent in the header of your signed JWT. This allows you to use multiple public keys, or do key rotations. Many libraries support this functionality out of the box.
Public key not found, check client_id, kid and Redox dashboard settings
Something is wrong with the configuration for your API key. You may see this error if any of these steps fail: (a) Pull the client_id out of the signed JWT iss property; (b) look up the corresponding public keys from the JWKS url or dashboard; and (c) use the kid property from the JWT header to find the right public key to verify with. If this error appears, you may have the wrong client_id in your assertion or you may have forgot to click the Save Changes button when setting public keys in the dashboard.