diff --git a/vault/identity_store_oidc.go b/vault/identity_store_oidc.go
index 9e7ec78d8..fded7620f 100644
--- a/vault/identity_store_oidc.go
+++ b/vault/identity_store_oidc.go
@@ -698,7 +698,7 @@ func (i *IdentityStore) pathOIDCGenerateToken(ctx context.Context, req *logical.
 	}
 	// Validate that the role is allowed to sign with its key (the key could have been updated)
 	if !strutil.StrListContains(key.AllowedClientIDs, "*") && !strutil.StrListContains(key.AllowedClientIDs, role.ClientID) {
-		return logical.ErrorResponse("The key %q does not list the client id of the role %q as an allowed_clientID", role.Key, roleName), nil
+		return logical.ErrorResponse("the key %q does not list the client ID of the role %q as an allowed client ID", role.Key, roleName), nil
 	}
 
 	// generate an OIDC token from entity data
diff --git a/vault/identity_store_oidc_test.go b/vault/identity_store_oidc_test.go
index 95b84afc9..8df132d9a 100644
--- a/vault/identity_store_oidc_test.go
+++ b/vault/identity_store_oidc_test.go
@@ -497,7 +497,7 @@ func TestOIDC_SignIDToken(t *testing.T) {
 	expectError(t, resp, err)
 	// validate error message
 	expectedStrings := map[string]interface{}{
-		"The key \"test-key\" does not list the client id of the role \"test-role\" as an allowed_clientID": true,
+		"the key \"test-key\" does not list the client ID of the role \"test-role\" as an allowed client ID": true,
 	}
 	expectStrings(t, []string{resp.Data["error"].(string)}, expectedStrings)