Salesforce Error Solutions

Salesforce invalid_grant audience is invalid

Trying to debug the Salesforce "invalid_grant audience is invalid" error? Here's how to fix it.

What causes the Salesforce audience is invalid error?

This error happens during the OAuth 2.0 JWT Bearer Flow for authentication on the server when the aud or audience parameter is invalid for the JSON Web Token Claims. Your JSON Claims Set for the JWT should contain the following parameters:

  1. [.inline-code-highlight]iss[.inline-code-highlight]- the OAuth client_id or the Connected App’s name
  2. [.inline-code-highlight]aud[.inline-code-highlight]- the authorization server’s URL
  3. [.inline-code-highlight]sub[.inline-code-highlight]- the username of the user (if implementing for an Experience Cloud site)
  4. [.inline-code-highlight]exp[.inline-code-highlight] - the expiration time

Resolution for the audience is invalid

Make sure that the [.inline-code-highlight]aud[.inline-code-highlight] or audience parameter is one of the following:

  1. [.inline-code-highlight]https://login.salesforce.com[.inline-code-highlight]
  2. [.inline-code-highlight]https://test.salesforce.com[.inline-code-highlight]
  3. [.inline-code-highlight]https://site.force.com/customers[.inline-code-highlight] (if implementing for an Experience Cloud site)

Ready to get started?

Book a demo or start building with Paragon today.