HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store
{
  "error": "invalid_grant",
  "error_description": "audience is invalid"
}

What causes the Salesforce audience is invalid error?

This error happens during the OAuth 2.0 JWT Bearer Flow for authentication on the server when the aud or audience parameter is invalid for the JSON Web Token Claims. Your JSON Claims Set for the JWT should contain the following parameters:

1. iss- the OAuth client_id or the Connected App’s name

2. aud- the authorization server’s URL

3. sub- the username of the user (if implementing for an Experience Cloud site)

4. exp - the expiration time

Resolution for the audience is invalid error

Make sure that the [.inline-code-highlight]aud[.inline-code-highlight] or audience parameter is one of the following:

1. https://login.salesforce.com

2. https://test.salesforce.com

3. https://site.force.com/customers(if implementing for an Experience Cloud site)

‍