I get a different oidc token when specifying "sessionToken"

I am using AWS AppSync with Okta OpenID Connect for authorization.
I configured OTP MFA for most users, and Secret Answer for a special CI user.

When a human user logs in through the browser everything works fine, and the token AppSync verifies against Okta is valid.
For the CI user I automated the authentication: the user signs in with username/password credentials, then the secret answer is verified using the state_token to get a sessionToken, and finally the id_token is obtained using the sessionToken.

To get the id_token I send a GET request to
{{baseUrl}}/oauth2/v1/authorize?client_id={{CLIENT_ID}}&sessionToken={{sessionToken}}&nonce=123456&response_type=id_token&scope=openid%20profile&state=test&redirect_uri={{redirectUri}}

The token returned from Okta when I specify the sessionToken fails verification by the Okta OIDC endpoint.

I compared the requests in the SystemLog.
When a regular user generates the id_token the SystemLog event type is “OAuth2 authorization implicit ID token request”
However when the CI code generates the id_token the SystemLog event type is “OIDC authorization implicit ID token request”

This is unexpected. The only thing different for the CI process is adding the “sessionToken” parameter to the “/authorize” URL.

Is there a problem using the “sessionToken”? Why does the token it generates fail the OIDC verification?

I used a different URL to authorize.
I should have used
/oauth2/default/v1/authorize
I used
/oauth2/v1/authorize
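Why the two paths behave differently, as an added example (Python, not Okta's code and not from this thread): `/oauth2/v1/authorize` belongs to the Org Authorization Server, whose id_tokens carry `iss = https://{yourOktaDomain}`, while `/oauth2/default/v1/authorize` belongs to the custom `default` authorization server, whose id_tokens carry `iss = https://{yourOktaDomain}/oauth2/default` and are signed with that server's own keys. A verifier such as AppSync's OIDC provider is configured with one issuer and fetches that issuer's JWKS, so a token minted by the other server fails. The quickest check before digging into signature errors is to decode the token's `iss` claim and compare it with the issuer the `/authorize` URL implies. The org domain, client_id, sessionToken, redirect URI and token claims below are constructed placeholders; `diagnose()` deliberately does not verify the signature and is only for spotting the issuer mismatch.

```python
"""Check which Okta authorization server minted an id_token.

Added example for this thread; all identifiers are constructed placeholders.
"""
import base64
import json
from urllib.parse import quote, urlencode, urlsplit

BASE_URL = "https://dev-123456.okta.com"            # constructed org domain
CONFIGURED_ISSUER = f"{BASE_URL}/oauth2/default"    # issuer the verifier trusts


def authorize_url(base_url, client_id, session_token, redirect_uri,
                  nonce, state, auth_server_id="default"):
    """Build the /authorize URL used by the CI flow.

    auth_server_id=None selects the Org Authorization Server
    (/oauth2/v1/authorize); a string selects a custom authorization server
    (/oauth2/{id}/v1/authorize). Parameters mirror the request in the question.
    """
    if auth_server_id is None:
        path = "/oauth2/v1/authorize"
    else:
        path = f"/oauth2/{auth_server_id}/v1/authorize"
    params = {
        "client_id": client_id,
        "sessionToken": session_token,
        "nonce": nonce,
        "response_type": "id_token",
        "scope": "openid profile",
        "state": state,
        "redirect_uri": redirect_uri,
    }
    return f"{base_url}{path}?{urlencode(params, quote_via=quote)}"


def expected_issuer(url):
    """Issuer carried by tokens minted at a given /authorize URL.

    Org AS:    https://{domain}/oauth2/v1/authorize      -> https://{domain}
    Custom AS: https://{domain}/oauth2/{id}/v1/authorize -> https://{domain}/oauth2/{id}
    """
    parts = urlsplit(url)
    origin = f"{parts.scheme}://{parts.netloc}"
    if parts.path == "/oauth2/v1/authorize":
        return origin
    prefix, sep, _ = parts.path.rpartition("/v1/authorize")
    if not sep or not prefix.startswith("/oauth2/"):
        raise ValueError(f"not an Okta authorize URL: {url}")
    return origin + prefix


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_parts(token):
    """Decode header and claims WITHOUT checking the signature.

    Diagnostic only: a real verifier must still validate the signature
    against the JWKS of the issuer named in `iss`.
    """
    header_b64, payload_b64, _signature = token.split(".")
    return (json.loads(_b64url_decode(header_b64)),
            json.loads(_b64url_decode(payload_b64)))


def diagnose(token, configured_issuer):
    """Return (ok, message): does the token's iss match the verifier's issuer?"""
    header, claims = jwt_parts(token)
    iss = claims.get("iss")
    if iss == configured_issuer:
        return True, f"iss matches; now verify signature with kid={header.get('kid')}"
    return False, (f"iss={iss!r} but verifier expects {configured_issuer!r}; "
                   "the token was minted by a different authorization server")


def make_sample_token(claims):
    """Constructed, unsigned sample id_token (signature is a placeholder)."""
    header = {"alg": "RS256", "kid": "constructed-kid"}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(claims).encode()),
                     "placeholder-signature"])


# The two URLs from the thread, with constructed client/session/redirect values.
ORG_AS_URL = authorize_url(BASE_URL, "0oaexample", "sess-example",
                           "https://ci.example/callback", "123456", "test",
                           auth_server_id=None)
DEFAULT_AS_URL = authorize_url(BASE_URL, "0oaexample", "sess-example",
                               "https://ci.example/callback", "123456", "test",
                               auth_server_id="default")

# Tokens labelled the way each server would label them (constructed claims).
ORG_TOKEN = make_sample_token({"iss": expected_issuer(ORG_AS_URL),
                               "sub": "ci-user", "aud": "0oaexample"})
DEFAULT_TOKEN = make_sample_token({"iss": expected_issuer(DEFAULT_AS_URL),
                                   "sub": "ci-user", "aud": "0oaexample"})

if __name__ == "__main__":
    for name, token in (("org AS token", ORG_TOKEN), ("default AS token", DEFAULT_TOKEN)):
        print(name, diagnose(token, CONFIGURED_ISSUER))
```

Run against a real token, the same `diagnose()` call tells you immediately whether the failure is an issuer mismatch (wrong `/authorize` path, as in this thread) or something that needs the signature, audience and nonce checks a full verifier performs.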
