Netsuite: Oauth 2.0 Machine to machine invalid request

I’m trying to setup the Oauth 2.0 authentication Machine to machine in Postman to get an access token for Netsuite.
Postman => Netsuite
I already have created TBA (Oauth 1.0) issue token endpoint and 3ways flow.
I also already have created code that were using Oauth 2.0 Authorization code grant flow.
But this time I can’t manage to successfully get the access token

I followed the documentation regarding the connection, but I always get invalid_request.
Here is the documentation:

I have created the integration, the certificates and the mapping.
I also have compared the JWT created with the help of https://jwt.io/#debugger-io and it work well.
But while sending the request with Postman, it said that this is an invalid request.

Here is the pre-request script in Postman:

const CryptoJS = require('crypto-js');
const CERTIFICATE_ID = pm.environment.get("CERTIFICATE_ID");
const CLIENT_ID = pm.environment.get("CLIENT_ID");
const ACCOUNT_ID = pm.environment.get("ACCOUNT_ID");
const AUD = "https://" + ACCOUNT_ID + ".suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token";
const SIGNATURE_CERTIFICATE = pm.environment.get("SIGNATURE_CERTIFICATE");
let iat = Date.now();
let interval = 1000 * 60 * 30;
let exp = iat + interval;
iat = Math.floor(iat / 1000);
exp = Math.floor(exp / 1000);
let grant_type = "client_credentials";
let client_assertion_type = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
let client_assertion_type_encoded = encodeURIComponent(client_assertion_type)
let client_assertion = "";
let header;
let header_encoded;
let payload;
let payload_encoded;
let signature;

// 1) Create the header
header = {
    typ : "JWT",
    alg : "ES256",
    kid : CERTIFICATE_ID
}

// 2) Encode the header
header_encoded = base64url(CryptoJS.enc.Utf8.parse(JSON.stringify(header)))

// 3) Create the paypload
payload = {
    "iss" : CLIENT_ID,
    "scope" : "rest_webservices",
    "aud" : AUD,
    "exp" : exp,
    "iat" : iat
}

// 4) Encode the payload
payload_encoded = base64url(CryptoJS.enc.Utf8.parse(JSON.stringify(payload)))

// 5) Create the signature
signature = base64url(CryptoJS.SHA256(SIGNATURE_CERTIFICATE, header_encoded + "." + payload_encoded))

// 6) Merge the information to create the client assertion
client_assertion = header_encoded + "." + payload_encoded + "." + signature

// 7) Update the variable
// post_parameter = "grant_type=" + grant_type + "&client_assertion_type=" + client_assertion_type + "&client_assertion=" + client_assertion
pm.environment.set("GRANT_TYPE", grant_type);
pm.environment.set("CLIENT_ASSERTION_TYPE", client_assertion_type_encoded);
pm.environment.set("CLIENT_ASSERTION", client_assertion)
// pm.environment.set("CONCATENED_PARAMS", post_parameter);
console.log("URL encoded values", {
    grant_type, client_assertion_type, client_assertion
})

function base64url(source) {
    // Encode in classical base64
    encodedSource = CryptoJS.enc.Base64.stringify(source)
    
    // Remove padding equal characters
    encodedSource = encodedSource.replace(/=+$/, '')
    
    // Replace characters according to base64url specifications
    encodedSource = encodedSource.replace(/+/g, '-')
    encodedSource = encodedSource.replace(///g, '_')
    
    return encodedSource
}

enter image description here
enter image description here

Did I miss something?