Access token validation failed


#1

Hello all

I am facing a problem when validating the access token. It seems that the public key that I receive from the /keys endpoint is not valid, even though I know it is the right key because the kid in the JWT header is good.

PS: I’m not using the Okta JWT Verifier.

Thanks for your help


#2

Hi,
Can you provide some more information?

  1. Which tool/library are you using to validate the access token?
  2. What is the issuer URL that you have set? It should be of the form https://{yourOktaDomain}.com/oauth2/default
  3. Which /keys endpoint are you invoking? It should be of the form https://{yourOktaDomain}.com/oauth2/default/v1/keys

Also any information on your use-case and details about the application/technology you are using would be helpful in finding out the issue.

Thanks,
Vijet


#3

I am also facing the same issue. I am using the Okta JWT Verifier for Java library to validate the access token, but when I pass the access token, I get a "Failed to validate JWT string" error.
I am really confused by this, please help me.


#4

Which authorization server are you using?
If it’s the default one, you can’t validate the access token; you have to create a new one.


#5

I have tried this also: I created a custom authorization server and generated a new access token, but I am still getting the same error.


#6

Can you share your code so that I can help you?


#7

These types of validation errors are almost always because the wrong authorization server is being used. Make sure the authority/issuer setting in your JWT validation code is using a custom authorization server such as default.


#8

Same problem here. The authorization server looks like a match to mine - the “default” in my authorization server list: https://dev-nnnnnn.oktapreview.com/oauth2/default. The kid also matches when I check the jwks_uri. I’m using the OktaDemo.XF app. That app says authorization was successful. I grab the access token from there and send it to the Java app, which uses the Okta Java verifier. What are the other cases where this fails besides the wrong authorization server?
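
An added example, not part of any post in this thread and not Okta's code: a small Python diagnostic for the checks discussed above (the issuer setting, the /keys URL derived from it, and the kid match). It decodes the token without verifying the signature; the domain, key IDs, token and function names are constructed for illustration.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def keys_url(issuer):
    # URL form quoted in the thread: {issuer}/v1/keys
    return issuer.rstrip("/") + "/v1/keys"

def diagnose(token, configured_issuer, jwks):
    """List mismatches between a token and the verifier's configuration.
    No cryptographic verification happens here; this only shows which
    setting a real verifier would reject the token on."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWT"]
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    problems = []
    # The iss claim must equal the configured issuer exactly; a different
    # authorization server path is a different issuer.
    if claims.get("iss") != configured_issuer:
        problems.append(f"iss {claims.get('iss')!r} != configured {configured_issuer!r}")
    # The kid must appear in the JWKS fetched for the configured issuer.
    kids = {k.get("kid") for k in jwks.get("keys", [])}
    if header.get("kid") not in kids:
        problems.append(f"kid {header.get('kid')!r} not in the fetched JWKS")
    return problems

# Constructed sample data: placeholder domain, made-up key IDs, fake signature.
OTHER_ISSUER = "https://dev-000000.example.com"
CUSTOM_ISSUER = "https://dev-000000.example.com/oauth2/default"
CUSTOM_JWKS = {"keys": [{"kty": "RSA", "kid": "custom-key-1"}]}

def make_token(iss, kid):
    header = b64url_encode(json.dumps({"alg": "RS256", "kid": kid}).encode())
    claims = b64url_encode(json.dumps({"iss": iss}).encode())
    return f"{header}.{claims}.c2lnbmF0dXJl"

if __name__ == "__main__":
    token = make_token(OTHER_ISSUER, "other-key-1")
    print("keys endpoint:", keys_url(CUSTOM_ISSUER))
    for problem in diagnose(token, CUSTOM_ISSUER, CUSTOM_JWKS):
        print("MISMATCH:", problem)
```

An empty result means the issuer and kid line up with the configuration, so the cause of a validation failure lies in a check this script does not perform.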