I'm having a problem getting the test api login to grant me an access_token.   I am POSTing my request to https://test.salesforce.com/services/oauth2/token and here is my Request Header, I shortened the assertion value for brevity:

POST https://test.salesforce.com/services/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: test.salesforce.com
Content-Length: 415
Expect: 100-continue
Connection: Keep-Alive

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3[ ... ]ODMzN30.OE8FouPsqAXudnKgSZ0NeWnVjA1LYPtLgk4GXMx2kno

Every time I submit this, I'm getting the following Response:

HTTP/1.1 400 Bad Request
Date: Mon, 15 Sep 2014 19:12:19 GMT
Set-Cookie: BrowserId=SntionWLRSa0UEsXlzz--g;Path=/;Domain=.salesforce.com;Expires=Fri, 14-Nov-2014 19:12:19 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked

4A
{"error_description":"expired authorization code","error":"invalid_grant"}
0

This is being written in C# .NET 4.5.1 using the JSON Web Token Handler provided by Microsoft:

public void Login()
{
            var token = GetAuthToken();
            const string uri = "https://test.salesforce.com/services/oauth2/token";
            var httpWebRequest = (HttpWebRequest)WebRequest.Create(uri);
            var authRequest = new HttpClient();

            var authContent = Uri.EscapeDataString("urn:ietf:params:oauth:grant-type:jwt-bearer");
            var authToken = Uri.EscapeDataString(token);

            WebResponse response = null;
            try
            {
                var responseMessage = await authRequest.PostAsync(uri, new StringContent(string.Format("grant_type={0}&assertion={1}", authContent, authToken), Encoding.UTF8, "application/x-www-form-urlencoded"));

                var test = "test";
            }
            catch
            {
                throw;
            }
            finally
            {
                if (response != null)
                {
                    response.Close();
                    response = null;
                }
            }
}

private static string GetAuthToken()
{
            var securityKey = GetBytes("security key I was provided");

            var tokenHandler = new JwtSecurityTokenHandler();
            var now = DateTime.UtcNow.ToUniversalTime().Subtract(new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds + 6000;
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new List<Claim>
                                                {
                                                    new Claim("iss", "my client id"),
                                                    new Claim("aud", "https://test.salesforce.com"),
                                                    new Claim("prn", "user@domain.com"),
                                                    new Claim("exp", now.ToString(CultureInfo.InvariantCulture))
                                                }),
                                                AppliesToAddress = "https://test.salesforce.com",
                TokenIssuerName = "my client id",
                SigningCredentials = new SigningCredentials(
                    new InMemorySymmetricSecurityKey(securityKey),
                    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
                    "http://www.w3.org/2001/04/xmlenc#sha256")
            };

            var token = tokenHandler.CreateToken(tokenDescriptor);

            return tokenHandler.WriteToken(token);
}

Any ideas or suggestions would be greatly appreciated.