From 61bf7824f1e15a40d4af82a7cebc8988ff4cd250 Mon Sep 17 00:00:00 2001
From: Bryan Apellanes <bryan.apellanes@okta.com>
Date: Tue, 10 Dec 2024 11:50:21 -0600
Subject: [PATCH] place client_assertion jwt in body instead of url

---
 okta/oauth.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/okta/oauth.py b/okta/oauth.py
index 0ff18923..680987ae 100644
--- a/okta/oauth.py
+++ b/okta/oauth.py
@@ -48,8 +48,7 @@ async def get_access_token(self):
             'grant_type': 'client_credentials',
             'scope': ' '.join(self._config["client"]["scopes"]),
             'client_assertion_type':
-                'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
-            'client_assertion': jwt
+                'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
         }
 
         encoded_parameters = urlencode(parameters, quote_via=quote)
@@ -59,7 +58,7 @@ async def get_access_token(self):
 
         # Craft request
         oauth_req, err = await self._request_executor.create_request(
-            "POST", url, None, {
+            "POST", url, {'client_assertion': jwt}, {
                 'Accept': "application/json",
                 'Content-Type': 'application/x-www-form-urlencoded'
             }, oauth=True)