Loading
Salesforce から送信されるメールは、承認済ドメインからのみとなります続きを読む

Salesforce Connector Oauth-JWT fails with invalid_client error

公開日: Jul 22, 2025
解決策

SYMPTOM

Salesforce Connector Oauth-JWT fails with invalid_client error
org.mule.runtime.api.connection.ConnectionException: Failed establishing connection with salesforce
Caused by: java.io.IOException: Invalid status code: 400, response body: {"error":"invalid_client","error_description":"invalid client credentials"}

CAUSE

To determine the cause, In the studio 
Ran the application with the following to gather more debug details. Sample debug logs attached for comparison

Add inside your src/main/resources/log4j2.xml file the following loggers:
Mule 4: <AsyncLogger name="org.mule.extension.salesforce" level="DEBUG"/>
and 
SSL debugging JAVA VM parameters
javax.net.debug=ssl 
javax.net.debug=all
-M-Djavax.net.debug=ssl
-M-Djavax.net.debug=all
Copied the logs mule_ee rolling files form folder /Applications/AnypointStudio-7.7.0.app/Contents/Eclipse/plugins/org.mule.tooling.server.4.3.0.ee_7.3.5.202010151511/mule/logs
on to SslDebugEnabledmule_ee.log
Application log file that has Salesforce connector SOAP webservice calls: oauthjwt.log

As everything works locally only configuration that is different is Certificate created and configured on the salesforce cloud server-side.

SOLUTION

Anypoint studio local configuration works but for the customer it did not work and fails with an Invalid Client Id and Identifier. The only difference in our configuration is the customer is getting 00Dr00000002i5R.bcfks from the Salesforce Gov Cloud and the customer converted it to 00Dr00000002i5R.jks.
Request customer to work with the Salesforce Support team. The Salesforce support team resolved the issue as it is related to the certificate exported from Salesforce Gov Cloud.

When there are multiple certificates in the keystore and the certificate alias is not configured in the Salesforce Connector Config, the first certificate in the keystore will be used and could cause the error if it is not the correct one. The solution is to configure the correct certificate alias in the Salesforce Connector Config.

Attachments

SslDebugEnabledmule_eeLog

ApplicationLogConnectorSoapCalls

ナレッジ記事番号

001120471

 
読み込み中
Salesforce Help | Article