
Sporadic error "invalid client id" when calling /delegation to get Salesforce access token



Here is my request:


{
  "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
  "client_id": "[some valid client id]",
  "id_token": "[id token for the same client]",
  "api_type": "salesforce_api"
}

And I’m getting this error back:

{
  "error": "invalid_client_id",
  "error_description": "client identifier invalid",
  "statusCode": 400
}

I believe this error is coming from Salesforce, and Auth0 is just relaying it.
The likely cause of this issue (and solution) can be found here:

In short, instead of requesting Salesforce access tokens from to (Salesforce) or (Salesforce Sandbox), Auth0 needs to go directly to the pod of the user to request the SF access token. (e.g. instead of The pod of the user can be found from the user’s profile information.

I know that the /delegation endpoint is considered deprecated, but I need to force a refresh of the Salesforce access token because instructions from is giving me expired Salesforce access tokens, and there’s no other way to do this as far as I am aware?


I had faced a similar issue, and I am using the Nimbus OAuth2 client. To resolve the issue, I had to set client_id and client_secret as custom params of the TokenRequest. It works well with the