No such thing as a dumb question, and I’m glad you saw the existing thread on this. I have a feeling you aren’t using the right authorization server (issuer of the token).
When you say you are using Okta Authenitcation, are you using a library or widget?
If you are inspecting your JWT, what does the iss claim say (does it end with /oauth2/default)?
Can you share your configuration in the SPA?
Thanks,
Tom