place client_assertion jwt in body instead of url (#424)

okta · Dec 11, 2024 · bdb9838 · bdb9838
1 parent bf19b92
commit bdb9838
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/okta/oauth.py b/okta/oauth.py
@@ -48,8 +48,7 @@ async def get_access_token(self):
             'grant_type': 'client_credentials',
             'scope': ' '.join(self._config["client"]["scopes"]),
             'client_assertion_type':
-                'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
-            'client_assertion': jwt
+                'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
         }
 
         encoded_parameters = urlencode(parameters, quote_via=quote)
@@ -59,7 +58,7 @@ async def get_access_token(self):
 
         # Craft request
         oauth_req, err = await self._request_executor.create_request(
-            "POST", url, None, {
+            "POST", url, {'client_assertion': jwt}, {
                 'Accept': "application/json",
                 'Content-Type': 'application/x-www-form-urlencoded'
             }, oauth=True)