Secure a Spring Microservices Architecture with OAuth

Brian Demers

Okta exposes the public keys through a JWKS endpoint, which can be found using the OIDC discovery endpoint, for example: https://{yourOktaDomain}/oauth2/default/.well-known/openid-configuration (look for the jwks_uri value).

Okta has two types of issuer (Okta Authorization Servers). Only the one formatted as https://{yourOktaDomain}/oauth2/{id} supports local JWT validation (where {id} is usually “default”).
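
The two points above can be checked in configuration code before a resource server fetches any keys. The following is an added example, not code from the original post or from Okta: the function names, the sample domain `dev-000000.example.com`, the allowed characters for `{id}`, and the rule that `jwks_uri` must sit on the issuer's host are all assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Issuer shape the text says supports local JWT validation:
# https://{yourOktaDomain}/oauth2/{id}. The {id} character set is an assumption.
_ISSUER_PATH = re.compile(r"^/oauth2/([A-Za-z0-9_-]+)$")

# Constructed sample values, not taken from a real tenant.
ISSUER = "https://dev-000000.example.com/oauth2/default"
SAMPLE_METADATA = json.dumps({
    "issuer": ISSUER,
    "jwks_uri": "https://dev-000000.example.com/oauth2/default/v1/keys",
})


def discovery_url(issuer: str) -> str:
    """Build the OIDC discovery URL, rejecting issuers not shaped /oauth2/{id}."""
    parts = urlsplit(issuer.rstrip("/"))
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("issuer must be an https URL")
    if parts.query or parts.fragment or not _ISSUER_PATH.match(parts.path):
        raise ValueError("issuer is not of the form https://{domain}/oauth2/{id}")
    return f"https://{parts.netloc}{parts.path}/.well-known/openid-configuration"


def jwks_uri_from_metadata(issuer: str, metadata_json: str) -> str:
    """Return jwks_uri from a discovery document that belongs to this issuer."""
    discovery_url(issuer)  # raises for an issuer without the /oauth2/{id} path
    meta = json.loads(metadata_json)
    # OIDC Discovery requires the document's issuer to equal the configured one.
    if meta.get("issuer") != issuer.rstrip("/"):
        raise ValueError("metadata issuer does not match configured issuer")
    jwks_uri = meta.get("jwks_uri")
    jwks = urlsplit(jwks_uri if isinstance(jwks_uri, str) else "")
    # Assumed local policy: keys are only fetched over https from the issuer host.
    if jwks.scheme != "https" or jwks.netloc != urlsplit(issuer).netloc:
        raise ValueError("jwks_uri must be https on the issuer's host")
    return jwks_uri


if __name__ == "__main__":
    print(discovery_url(ISSUER))
    print(jwks_uri_from_metadata(ISSUER, SAMPLE_METADATA))
```

Failing at startup on a mis-shaped issuer surfaces the misconfiguration before the first token is validated, rather than as signature errors at request time.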