OKTA authorization Server issue


I am implementing an OIDC implicit flow application and running into issues with Authorization Server configuration.

During my development, I used the default custom authorization server (https://dev-xxxx.oktapreview.com/oauth2/default/v1/authorize) and it worked. However, when using my org OKTA, it is throwing “Invalid JOSE Header kid (xxxxxxx-uJPflI)”.

The issuer for Org OKTA I was given is: https://<company>.oktapreview.com

Is it possible to authenticate an accessToken against the default Authorization Server? Any ideas on this?


That authorization server is for your Okta org and the Okta Org’s APIs.

You want to set the issuer to:

Thanks Tom! I was told to use the org okta since there isn’t a default custom authorization server.

It seems, though, that an app needs a custom authorization server to be able to validate an access token (OIDC implicit flow)

Thanks for helping
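
A way to diagnose the issuer and `kid` mismatch discussed in this thread, as an added example that is not part of any post and is not Okta's code. It assumes the error means the token header's `kid` is absent from the key set published by the issuer the validator was configured with; `diagnoseToken`, the `org.example` hostname, the kids and the tokens are all constructed for illustration.

```javascript
// Added example: hostname, kids and tokens below are constructed placeholders.
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Decode one JWT segment WITHOUT verifying anything (diagnosis only).
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Compare the token's iss and kid with what the validator is configured for.
// jwks is the key set published by configuredIssuer, fetched out of band.
function diagnoseToken(token, configuredIssuer, jwks) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "not a compact JWS" };
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch (e) {
    return { ok: false, reason: "undecodable header or payload" };
  }
  const info = { tokenIssuer: claims.iss, kid: header.kid };
  // The iss claim must equal the configured issuer exactly.
  if (claims.iss !== configuredIssuer) {
    return { ok: false, reason: "issuer mismatch", ...info };
  }
  const known = (jwks.keys || []).some((k) => k.kid === header.kid);
  if (!known) return { ok: false, reason: "kid not in issuer key set", ...info };
  // Passing here only means the right key can be selected; the signature,
  // audience and expiry still have to be verified by a real JWT library.
  return { ok: true, reason: "issuer and kid match", ...info };
}

// Constructed sample data: an org-level issuer and a custom authorization server.
const ORG = "https://org.example";
const CUSTOM = ORG + "/oauth2/default";
const customJwks = { keys: [{ kty: "RSA", kid: "custom-key-1" }] };
const makeToken = (iss, kid) =>
  [b64url({ alg: "RS256", kid }), b64url({ iss }), "c2ln"].join(".");

const orgToken = makeToken(ORG, "org-key-9");          // minted by the org issuer
const customToken = makeToken(CUSTOM, "custom-key-1"); // minted by the custom server
const rotatedToken = makeToken(CUSTOM, "custom-key-0"); // right issuer, unknown key

console.log(diagnoseToken(orgToken, CUSTOM, customJwks));
console.log(diagnoseToken(customToken, CUSTOM, customJwks));
console.log(diagnoseToken(rotatedToken, CUSTOM, customJwks));
```

An "issuer mismatch" result points at configuration (the token came from a different authorization server than the one the validator trusts), while "kid not in issuer key set" with a matching issuer points at a stale or rotated key set.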