Access token validation failed

Hello all

I am facing a problem when validating the access token it seems that the public key that I receive from the endpoint /keys is not valid knowing that it is the right key because the kid on the jwt header is good.

Ps: i’m not using okta jwt verfier

Thanks for your help

Can you provide some more information?

  1. Which tool/library are you using to validate the access token?
  2. What is the issuer URL that you have set? It should be of the form https://{yourOktaDomain}.com/oauth2/default
  3. Which /keys endpoint are you invoking? It should be of the form https://{yourOktaDomain}.com/oauth2/default/v1/keys

Also any information on your use-case and details about the application/technology you are using would be helpful in finding out the issue.


1 Like

i am also facing the same issue , actually i am using Okta JWT Verifier for Java library for validating access token , but when i pass access token , i got Failed to validate JWT string Error
i am really confuse with this , please me

which authorization server are you using??
if its the default one you can’t validate the access token, you have to create new one

i have tried this also , created custom authorization , generate new access token but stilling getting same error

can you share your code so that I can help you

These types of validation errors are almost always because the wrong authorization server is being used. Make sure the authority/issuer setting in your JWT validation code is using a custom authorization server such as default.

Same problem here. The authorization server looks like a match to mine - the “default” in my authorization server list The kid also matches when I check the jwks_uri. I’m using the OktaDemo.XF app. That app says authorization was successful. I grab the access token from there and sending it to the java app, which uses the OKTA java verifier. What are the other cases where this fails besides wrong authorization server?

Hi, I have a similiar problem. I’m trying to understand the flow of authentication. I’m using PHP as backend and it works, it validate the token. But I’m trying to validate the signature of my token manually (using So I found the key from the api /keys but when I try to validate the token I get “wrong signature”. The public keu is correct since the kid is the same. Do you know the reason?

EDIT: I understood that “n” is not the key, but the modulus and that key is generated from “n” and “e”. So I used an online resource which take in input modulus and exponent, it generates a key but still I get Invalid signature from

Hi @thefedex87

As mentioned here, you can use a script like the one available here to calculate the public key from the modulus and exponent.

1 Like