Thanks for jumping in @bromanko!
To add some more explanation: you do need an authorization server set up to validate access tokens. When you create a new organization thru http://developer.okta.com, an AS called
default is set up for you automatically, which should work fine with the above instructions for aspnetcore 2.0. If you want, you can create your own AS.
As @bromanko pointed out, there’s another authorization server (the Okta Org AS) that’s limited and isn’t meant to be used for these use cases. That’s not the same as the
default AS. Sorry for the confusion.
@pavlo.tsybulivskyi if you are unable to validate access tokens with the
default AS in a new developer organization, let me know. That should work.