Are you sending the tokens to your own API (OAuth use case) or are you sending them to Okta to use against Okta’s APIs?
If sending to your own endpoints that you’re protecting with tokens issued by Okta, I recommend reviewing this thread which explains why you may be seeing this behavior.