Invalid_token signature is invalid - .NET core

Questions OAuth/OIDC
1

Hello there!

i’m new on this forum. I have difficulties when setting up authentication in my Web API.

I got this message when accessing my API endpoint:

invalid_token, signature is invalid

the access token is working well when i use it on postman, for example when call this endpoint: oauth2/v1/userinfo

this is my code on startup.cs

services

        .AddAuthentication(options =>

        {

          options.DefaultAuthenticateScheme = OktaDefaults.ApiAuthenticationScheme;

          options.DefaultChallengeScheme = OktaDefaults.ApiAuthenticationScheme;

          options.DefaultSignInScheme = OktaDefaults.ApiAuthenticationScheme;

        }).AddOktaWebApi(new OktaWebApiOptions()

        {

          OktaDomain = Configuration["Security:OpenIdConnect:OktaDomain"],

          AuthorizationServerId = "default",

          Audience = "api://default"

        });

am i missed something?

thanks!

2

Access Tokens issued by the Org Authorization Server are not eligible for local token validation, as explained in the following article: Signature Validation Failed on Access Token | Okta Help Center

Our .NET WebApi docs also highlight this limitation:

Note: The Org Authorization Server is not supported for Web API because the access token issued by this Authorization Server cannot be validated by your own application. Check out the Okta documentation to learn more.

If you need to configure a WebApi integration, you will need to use a Custom Authorization Server instead, which may require an additional license for your org.