This error usually occurs when you are using thumbprint as is instead of base64 encoding in x5t(in header) while creating a jwt token.
You can simply run following script to generate a base64 encoded string of your thumbprint:
# Hexadecimal string
$hexString = "<Thumbprint from portal>"
# Convert the hexadecimal string to a byte array
$bytes = for ($i = 0; $i -lt $hexString.Length; $i += 2) {
[Convert]::ToByte($hexString.Substring($i, 2), 16)
}
# Convert the byte array to a Base64 string
$CertificateBase64Hash = [System.Convert]::ToBase64String($bytes)
# Output the result
$CertificateBase64Hash
Save as .ps1 file and run it in powershell as
.\base64.ps1
Now you use this output in x5t value in header and get the token. Use the generated jwt token as client_assertion in your POST request.