Error while validating access token

Hi,

When we are sending the access token to the server for consuming some resources then that time I’m using the following instructions to validate the access token but every time it’s failing with the error “A signing key must be specified if the specified JWT is digitally signed.] with root cause”.

https://developer.okta.com/docs/guides/validate-access-tokens/java/overview/#decoding-and-validating-the-access-token

For me, the issuer is: https://xxxxx-stage.okta.com
the audience is: https://xxxx-stage.okta.com

I have verified this using the introspect API call but need to validate at resource server.

To validate tokens, you need to have a custom authorization server. If you have a developer account, you should have one named “default” in Security > API. Its issuer URI ends in /oauth2/default.

See our docs for more information on the difference between an org authorization server and a custom one.

https://developer.okta.com/docs/concepts/auth-servers/

1 Like