I’m integrating an app in ISC using OAuth 2.0 JWT Bearer. The connection works with the Web Service (SaaS) source, but I need to switch to a VA-based Web Services source for a reason. Now, the same config that works in SaaS fails on the VA connector. In SaaS, I don’t need to explicitly specify iat and exp in the payload. On VA, the WSSource requires them, and I’m not sure what exact format the connector expects.
This is the error I am getting:
Exception occurred in Test Connection. Error: Exception occurred while generating access token:
Unable to generate access token. Response returned:
{“error”:“invalid_grant”,“error_description”:“Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.”}
I have I tried the UTC epoch seconds for iat and exp, example, 1758127737 but that doesn’t work.
What exact format does the VA Web Services connector expect for iat and exp?
Does the VA connector auto-inject iat/exp when an “assertion expiry” is set, or must they be manually included in the JWT payload?