The “Default” Custom Authorization Server (issuer === https://oktaDomain/oauth2/default) does support Client Credentials flow, but the “Org” Authorization Server (issuer === https://oktaDomain) only supports CC flow using Private Key JWT auth to receive an Access Token you can use against Okta’s APIs.
For machine to machine auth, you must use a custom authorization server. You will not be able to locally validate access tokens issued by the Org Authorization Server as they are only intended to be consumed by Okta’s APIs.
More details about OAuth for Okta APIs here: Implement OAuth for Okta with a service app | Okta Developer
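
The issuer distinction above, as an added example that is not part of the original post: a resource-server helper that reads a token's `iss` claim and decides whether the token may go on to local signature validation or is an Org Authorization Server token that must be rejected. The domain `example.okta.com`, the function names, the sample tokens and the `/v1/keys` path are assumptions made for the illustration.

```python
import base64, json
from urllib.parse import urlsplit

OKTA_DOMAIN = "example.okta.com"                             # constructed placeholder
EXPECTED_ISSUER = "https://example.okta.com/oauth2/default"  # constructed placeholder

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned sample token; only its shape is realistic."""
    header = b64url(json.dumps({"alg": "RS256", "kid": "sample"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.c2ln"

def unverified_issuer(token: str) -> str:
    """Read `iss` WITHOUT verifying the signature. Routing only, never authorization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict) or not isinstance(claims.get("iss"), str):
        raise ValueError("missing iss claim")
    return claims["iss"]

def classify_issuer(iss: str, okta_domain: str = OKTA_DOMAIN) -> str:
    """'org' for https://<domain>, 'custom' for https://<domain>/oauth2/<id>."""
    url = urlsplit(iss)
    if url.scheme != "https" or url.netloc.lower() != okta_domain:
        return "foreign"
    segments = [s for s in url.path.split("/") if s]
    if not segments:
        return "org"
    if len(segments) == 2 and segments[0] == "oauth2":
        return "custom"
    return "foreign"

def validation_plan(token: str, expected_issuer: str = EXPECTED_ISSUER) -> dict:
    iss = unverified_issuer(token)
    kind = classify_issuer(iss)
    if kind == "org":
        return {"local": False, "reason": "Org Authorization Server token: for Okta's APIs only"}
    if kind != "custom" or iss != expected_issuer:
        return {"local": False, "reason": "issuer is not the configured custom authorization server"}
    # Keys path is an assumption about the issuer's JWKS location; confirm it
    # against the issuer's discovery metadata before fetching keys.
    return {"local": True, "jwks_uri": iss + "/v1/keys"}
```

A token that gets `"local": True` still has to pass signature, `exp` and `aud` checks with a JWT library using keys from the returned JWKS URI before it is trusted.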