Access Token from Okta has invalid signature

I’m trying to use the Access Token Okta passed to my client to retrieve userInfo on the server side.

When sending the token to https://dev-552657.okta.com/oauth2/v1/userinfo, I get in the headers:

WWW-Authenticate →Bearer authorization_uri="http://dev-552657.okta.com/oauth2/v1/authorize", realm="http://dev-552657.okta.com", scope="openid", error="invalid_token", error_description="The access token is invalid.", resource="/oauth2/v1/userinfo"

When I manually validate the signature on jwt.io, it also shows an invalid signature.

However, the jwt-verifier module in Vue does accept this Access token, which is weird.
Anyone had this issue before?

Hi @gmkung

Can you provide a sample payload that you are using to send the request to /oauth2/v1/userinfo?