How to determine the correct 'audience' and 'uri' when using OAuth 2.0 JSON Web Token (JWT) Bearer Token Flow

Question

I have correctly been able to use "OAuth 2.0 Web Server Authentication Flow" and now I'd like to switch to "OAuth 2.0 JWT Bearer Token Flow".

I wrote a test application in Node.js with the values two values:

audience: 'https://instance.salesforce.com'

and

uri: 'https://instance.salesforce.com/services/oauth2/token'

The response that is coming back is stating:

null 400 {"error":"invalid_grant","error_description":"audience is invalid"}

Also, when I look at the Salesforce Dashboard Login History, I can see "Failed: Audience Invalid".

The question I have is, how do I determine the correct 'audience' and 'uri' value. At the moment, I am using the sandbox.

The help article about JWT Token Flow is a great resource for identifying values that are acceptable for the audience and the URI for the target endpoint. Are you using values shown in the documentation and receiving errors? — Mark Pond
– Mark Pond, Commented Apr 13, 2018 at 21:42

Mohith Shrivastava · Accepted Answer · 2018-04-13 22:00:32Z

4

You only need audience for the oauth 2.0 JWT bearer token flow and for the salesforce sandbox the value is always https://test.salesforce.com .

You don't need uri for this flow .The below document is a great resource for this

answered Apr 13, 2018 at 22:00

92.7k19 gold badges163 silver badges216 bronze badges

1 Answer 1