Node jwt-verifier verifyAccessToken error

I am generating an access token using the /token API endpoint. When I use that token to make a request to my back-end I get the following error from verifyAccessToken().

Error while resolving signing key for kid

Probably a configuration error of some sort. Was hoping for maybe a tip on where to start looking.

What’s the issuer for the token you are trying to validate (‘iss’ claim) and does it match the issuer you have configured the verifier to check against?

Review this article to see if this situation might apply to you: Signature Validation Failed on Access Token | Okta Help Center

Yeah, the issuer in the ‘iss’ is missing ‘/oauth2/default’ from the path. Can you remind me where or how that is set in the Okta application?

You’ll need to make sure that the token requests you are making go to the Default AS (presuming the org you are using is able to use this auth server). That means the /token endpoint used will be https://org.okta.com/oauth2/default/v1/token. If using one of our SDKs to get tokens, you need to ensure the issuer value in the config is set correctly to use the Default server.

You can find all the endpoints associated with this server (and proof whether or not you can use it) by accessing its discovery endpoint(s): https://org.okta.com/oauth2/default/.well-known/openid-configuration and https://org.okta.com/oauth2/default/.well-known/oauth-authorization-server

Yes thanks, that gets me a step further. I was calling oauth2/v1/token instead of oauth2/default/v1/token.
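
The check this thread arrives at, written out as an added example (not part of the original posts and not code from @okta/jwt-verifier): decode the token without verifying it and compare its 'iss' claim to the issuer the verifier is configured with. The function names, the kid and the sample tokens are constructed for illustration; the issuer and discovery URL are the ones quoted above.

```javascript
// Troubleshooting aid only: this decodes a JWT WITHOUT verifying its signature.
// Never use the decoded claims for an authorization decision.

function b64urlDecodeJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function b64urlEncodeJson(obj) {
  return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

const stripSlash = (s) => s.replace(/\/+$/, '');

// Hypothetical helper: reports whether the token's issuer matches the
// issuer value the back-end verifier was configured with.
function diagnoseIssuer(token, configuredIssuer) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  const header = b64urlDecodeJson(parts[0]);
  const claims = b64urlDecodeJson(parts[1]);
  const tokenIssuer = typeof claims.iss === 'string' ? stripSlash(claims.iss) : null;
  const expected = stripSlash(configuredIssuer);
  return {
    kid: header.kid ?? null,
    tokenIssuer,
    configuredIssuer: expected,
    issuerMatches: tokenIssuer === expected,
    // Discovery document to inspect for the configured authorization server.
    discovery: `${expected}/.well-known/oauth-authorization-server`,
  };
}

// Constructed sample tokens (placeholder signature, constructed kid and aud).
function sampleToken(iss) {
  return [
    b64urlEncodeJson({ alg: 'RS256', kid: 'constructed-kid-1' }),
    b64urlEncodeJson({ iss, aud: 'api://default' }),
    'c2lnbmF0dXJl',
  ].join('.');
}

const CONFIGURED = 'https://org.okta.com/oauth2/default';
const fromOrgServer = sampleToken('https://org.okta.com');   // requested via oauth2/v1/token
const fromDefaultServer = sampleToken(CONFIGURED);           // requested via oauth2/default/v1/token

console.log(diagnoseIssuer(fromOrgServer, CONFIGURED));
console.log(diagnoseIssuer(fromDefaultServer, CONFIGURED));
```
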
