Scot
I fixed this error Using @okta/jwt-verifier": “^1.0.0” by adding the audience (aud) parameter.
In server.js change the line from
oktaJwtVerifier.verifyAccessToken(accessToken)
to
oktaJwtVerifier.verifyAccessToken(accessToken, ‘api://default’)
----- More at ----
“The expected audience passed to verifyAccessToken() is required, and can be either a string (direct match) or an array strings (the actual aud claim in the token must match one of the strings).”