Identity Provider callout POST

i’ve created an idp app (facebook) and configured the callout action as post for JIT provisioning.
this is what is posted to my controller:

{id=sat5a8bz55NCmYufP0h6, status=ACCOUNT_JIT, expiresAt=2018-05-30T11:07:44.000Z, created=2018-05-30T10:59:24.000Z, idp={id=0oae60u3etZAtvB6v0h7, name=fb, type=FACEBOOK}, context={ipAddress=, userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0}, _links={cancel={href=, hints={allow=[POST]}}, provision={href=, hints={allow=[POST]}}, source={href=}, target={href=}}}

So…i try a simple CURL as follow:

    curl -v -X GET -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: SSWS {api-token}" -d '{
    }' "https://dev-{myaccount}"

but the response from okta service is:

{"errorCode":"E0000011","errorSummary":"Invalid token provided","errorLink":"E0000011","errorId":"oaem9nxz36MS6qdPtDkCXk2XA","errorCauses":[]}

If instead of POST i chose a HTTP-REDIRECT for callback and the returned tx_id works.
What’s wrong?
Another problem that i have with POST callout is that okta return “INVALID_CALLOUT_RESPONSE” error. What response my controller should return?