I’m trying to use the Access Token Okta passed to my client to retrieve userInfo on the server side.
When sending the token to https://dev-552657.okta.com/oauth2/v1/userinfo, I get in the headers:
WWW-Authenticate →Bearer authorization_uri="http://dev-552657.okta.com/oauth2/v1/authorize", realm="http://dev-552657.okta.com", scope="openid", error="invalid_token", error_description="The access token is invalid.", resource="/oauth2/v1/userinfo"
When I manually validate the signature on jwt.io, it also shows an invalid signature.
However, the jwt-verifier module in Vue does accept this Access token, which is weird.
Anyone had this issue before?