Hi @mkhan! I see that you are using an Okta Org Authorization Server which means that it doesn’t have true access tokens, but rather opaque tokens; therefore will not have a valid key-id. This support page has more info on this distinction here https://support.okta.com/help/s/article/Signature-Validation-Failed-on-Access-Token?language=en_US.
According to this thread - Verify token signature, you shouldn’t need to validate access tokens from the Okta Org Authz Server.
Do you require access tokens to protect your APIs as described here https://support.okta.com/help/s/article/Difference-Between-Okta-as-An-Authorization-Server-vs-Custom-Authorization-Server?language=en_US? If yes, you may need to upgrade to our API Access Management feature.