sfdx jwt:grant unable to authenticate

I’m having issues trying to use jwt:grant to log in while specifying the instanceurl in the command. I’m currently working on this in a sandbox, but our orgs are configured to not allow logins from login.salesforce and test.salesforce.

When I try this command:

sfdx force:auth:jwt:grant -u myusername@here.com.sandbox -f ~/Documents/JWT/server.key -i [The client Id] -r https://my-custom-domain.cs14.my.salesforce.com

I get the following error:

ERROR:  This org appears to have a problem with its OAuth configuration. Reason: invalid_grant - audience is invalid   
username: sfdcautomation@coverity.com.cicdtest,
clientId: [The client id], 
loginUrl: <Not Specified>, 
privateKey: [correct location]/server.key. 

Try this: Verify the OAuth configuration for this org. For JWT: 
Ensure the private key is correct and the cert associated with the connected app has not expired. 
Ensure the following OAuth scopes are configured [api, refresh_token, offline_access]. 
Ensure the username is assigned to a profile or perm set associated with the connected app. 
Ensure the connected app is configured to pre-authorize admins.

But if I disable the login policy and change the instance url to https://test.salesforce.com, it works.

Any ideas how to solve this? I won’t be able to turn the login policy off in our full sandboxes or production.

Answer

The answer is here:
This org appears to have a problem with its OAuth configuration. Reason: invalid_grant – audience is invalid

Run the following command first

export SFDX_AUDIENCE_URL=https://test.salesforce.com

Attribution
Source : Link , Question Author : Mike , Answer Author : a_sdfc_developer
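
What the audience setting controls, as an added example that is not part of the original answer or of the Salesforce CLI: in the OAuth JWT bearer flow the signed assertion carries its own `aud` claim, separate from the URL the token request is posted to, which is why the audience can be set independently of the `-r` URL. The function names and placeholder values are assumptions, and the sketch needs `openssl`.

```shell
#!/bin/sh
# Added example: hand-built JWT bearer assertion, to make the "aud" claim
# visible. All identifiers passed in are constructed placeholders.

# base64url-encode stdin without padding
b64url() {
  openssl base64 -A | tr '+/' '-_' | tr -d '='
}

# make_assertion CLIENT_ID USERNAME AUDIENCE KEYFILE -> prints a signed JWT
make_assertion() {
  local iss="$1" sub="$2" aud="$3" key="$4"
  local exp header claims sig
  exp=$(( $(date +%s) + 180 ))          # keep the assertion short-lived
  header=$(printf '{"alg":"RS256"}' | b64url)
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%d}' \
             "$iss" "$sub" "$aud" "$exp" | b64url)
  # RS256 = RSA PKCS#1 v1.5 signature over SHA-256 of "header.claims"
  sig=$(printf '%s.%s' "$header" "$claims" \
          | openssl dgst -sha256 -sign "$key" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$claims" "$sig"
}

# jwt_aud ASSERTION -> prints the aud claim (decode only, no verification)
jwt_aud() {
  local p
  p=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  while [ $(( ${#p} % 4 )) -ne 0 ]; do p="$p="; done   # restore padding
  printf '%s' "$p" | openssl base64 -d -A \
    | sed -n 's/.*"aud":"\([^"]*\)".*/\1/p'
}

# Usage sketch (placeholders; the request itself is not sent here):
#   AUD="${SFDX_AUDIENCE_URL:-https://test.salesforce.com}"
#   JWT=$(make_assertion "$CLIENT_ID" "$USERNAME" "$AUD" server.key)
#   jwt_aud "$JWT"      # shows the audience the org will validate
#   The assertion is then POSTed to
#     https://my-custom-domain.cs14.my.salesforce.com/services/oauth2/token
#   with grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
#   and assertion=$JWT, so the endpoint and the audience can differ.
```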
