<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Error "client_assertion_expired_token" Returned when Making POST a Request to /token Endpoint with Client Credentials and Client Secret JWT or Private Key JWT
Apr 17, 2025
API Access Management
Okta Classic Engine
Okta Identity Engine
Overview

Requests to the /token endpoint with client assertion fail, and the Okta system log shows the error:

 

client_assertion_expired_token

 

client_assertion_expired_token

 

The response returns:

{
    "error": "invalid_client",
    "error_description": "The client_assertion token is expired."
}
Applies To
Cause

The cause for this error is that the client assertion exp value is set to a date/time that has already passed, so the JWT is no longer valid.

Solution

To resolve this, a new client assertion with a future expiration value must be created and passed in the request to the /token endpoint.

Recommended content

Still looking for help?
Loading
Error "client_assertion_expired_token" Returned when Making POST a Request to /token Endpoint with Client Credentials and Client Secret JWT or Private Key JWT