You may run into some of these errors when trying to authenticate an OAuth API key.
An error response may look like this:
You may come across any of the following error_descriptions. We provide some notes below about the reasons for these errors or instructions for how to fix them.
Error description | Notes |
|---|---|
"" | If you receive a blank error_description, confirm that all the parameter values (e.g., aud, alg, jti) are correct. Review the expected values if you need a refresher. |
x-www-form-urlencoded content-type required | The content-type header needs to be application/x-www-form-urlencoded when POSTing to the /v2/auth/token endpoint. |
Missing grant_type parameter or The grant_type parameter should equal 'client_credentials' | The request body needs a key of grant_type set to client_credentials per the OAuth 2.0 specification. |
Missing client assertion type or Invalid client assertion type | The request body needs the client_assertion_type parameter with the value: urn:ietf:params:oauth:client-assertion-type:jwt-bearer. Learn more about rfc7523. |
Missing client assertion | The request body needs the parameter client_assertion with the value of your signed assertion. |
JWT header kid property is required | We require that a kid property be sent in the header of your signed assertion. This allows you to use multiple public keys, or do key rotations. Many libraries support this functionality out of the box. |
Public key not found, check client_id, kid and Redox dashboard settings | Something is wrong with the configuration for your API key. You may see this error if any of these steps fail: (a) Pull the client_id out of the signed JWT iss property; (b) look up the corresponding public keys from the JWKS URL or dashboard; and (c) use the kid property from the JWT header to find the right public key to verify with. If this error appears, you may have the wrong client_id in your assertion or you may have forgot to click the Save Changes button when setting public keys in the dashboard. |