Okta access token type is not JWT

I am using an Okta application with OIDC and the authorization code flow with PKCE. The access token I get from Okta has the following header.

The following is the decoded header:

{
  "kid": "XYZKID",
  "typ": "application/okta-internal-at+jwt",
  "alg": "RS256"
}

The expected value of typ was JWT. Would anyone know why I get this typ “application/okta-internal-at+jwt”?

Hi,

Was this token issued by the Org Authorization Server? If it was, then the contents of the access token are subject to change at any time without notice, so any attempts to validate the access token may not work in the future. Therefore, your own applications should not rely on or attempt to validate the access token.

To learn more, refer to this documentation - Authorization servers | Okta Developer

2 Likes
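An added example (not code from this thread or from Okta) of how a resource server could act on the advice above: it treats a token as opaque unless it claims the issuer of the custom authorization server the application expects. The function name `route_access_token`, the placeholder domain `example.okta.com`, the issuer values and the unsigned sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# "typ" value from the header quoted in the question (org authorization server).
ORG_INTERNAL_TYP = "application/okta-internal-at+jwt"


def _decode_segment(segment: str) -> dict:
    """Base64url-decode one JWT segment into a dict, restoring stripped padding."""
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value


def route_access_token(token: str, expected_issuer: str) -> str:
    """Return "validate" only for a token that claims the expected custom
    authorization server as issuer; return "opaque" for everything else.

    Nothing is verified here: "validate" means "hand the token to a JWT
    library for full signature and claim validation", not "trusted".
    """
    try:
        header_b64, payload_b64, _signature = token.split(".")
        header = _decode_segment(header_b64)
        payload = _decode_segment(payload_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return "opaque"  # unreadable token: fail closed
    if header.get("typ") == ORG_INTERNAL_TYP:
        return "opaque"  # org authorization server token: do not validate
    if payload.get("iss") != expected_issuer:
        return "opaque"  # unknown issuer: not ours to validate
    return "validate"


def make_sample(header: dict, payload: dict) -> str:
    """Build a constructed, unsigned sample token (signature is a dummy)."""
    parts = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode()
             for p in (header, payload)]
    return ".".join(parts + ["sig"])


# Assumed issuer of a custom authorization server (placeholder domain).
EXPECTED_ISSUER = "https://example.okta.com/oauth2/default"
ORG_SAMPLE = make_sample({"kid": "XYZKID", "typ": ORG_INTERNAL_TYP, "alg": "RS256"},
                         {"iss": "https://example.okta.com"})
CUSTOM_SAMPLE = make_sample({"kid": "XYZKID", "alg": "RS256"}, {"iss": EXPECTED_ISSUER})
```
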

Thank you for the quick response. Yes, this was issued by the org authorization server.
