OAuth 2.0 unable to get access token

Hello everyone, I am new to the community and I faced some error and hope that I can get some help here!

What I want to do is to get authenticated via OAuth and retrieve the access token so that I can call the APIs

But I keep facing the error of invalid client when I try to do a POST Request to https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token

My steps:

  1. Created an application through build apps tab on fhir epic and its currently not on production mode yet.
  2. Created a rsa private/public key pair using openssl
  3. Use jwt.io website to create a JWT

Note: I tried the request at around 13:15:40pm GMT+8. JTI’s guid value is randomly generated. ISS/Sub is non-production clientID
4. Copied the encoded value into the postman’s parameter of “client_assertion”

400 Bad Request
{“error”: “invalid_client”, “error_description”: null}

I am not sure what have I missed/done wrong, I have been stuck at this for 3 days… Created new pair of public/private key, created multiple apps (have 3 now) to make sure that the public key that I link to is the right one. Please do provide assistance, thank you!

Please help me thank you

Have you tried reaching out to Epic?

Hello, thank you so much for the reply. I am actually not sure how do I reach out to Epic, is their email open@epic.com or? I am sorry if I asked such a stupid question but I hope you can help me.


Was this issue resolved? I am also facing the same issue.


I’m having the same issue as the original poster. I used your contact referral to ask for help from Epic. So thanks for that. From your experience, how long would you guess it would be before I heard from epic.com/home/contact? The error message I’m getting says Protocol error. I forced TLS 1.2 and HTTP/1.1 but those were already the defaults. Maybe protocol doesn’t mean what I think it means.

Jim Tolonen

If you don’t hear a response in a couple of business days, raise the question on http://chat.fhir.org noting that you’ve reached out on Epic’s preferred channel and haven’t had a response and I can try to grab the attention of some folks who might be able to help.

Hi ,
You have to set only exp time exact 05 min from your time now. It works.you don’t set iat and nbf.

Hi Gowtham,

How do I make sure the exp time is exactly 5 minutes from the time you submit the request?
You can’t include the JWT token generation time. By the time I generate the token on jwt.io and
copied and pasted it into Postman, seconds would have passed. The doc says as long as the
exp is < 5 minutes from now, it’s OK.