Signature validation failed. Unable to match keys kid

I have an Angular application with a .NET Core backend. I am authenticating the Angular app and getting back the JWT token. I created an interceptor and I am passing the Bearer token in the header back to the .NET service. I am trying to authorize the backend endpoint using the JWT token and I am getting 401:
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[7]
Bearer was not authenticated. Failure message: IDX10501: Signature validation failed. Unable to match keys:
kid: '_S5j0lZKMpwMp73sUrVNGfvPXcMwf…

In my .NET code I am doing the JWT authentication:

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddCookie()
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = Configuration["Okta:Domain"],
            ValidAudience = Configuration["Okta:aud"]
            // No Authority, MetadataAddress or IssuerSigningKey is set here,
            // so the handler has no key set to match the token's "kid" against.
        };
    });

I know I might be missing the SigningKey validation, but how can I get the signing key?
I followed what's in https://developer.okta.com/code/dotnet/jwt-validation/
but https://{domain}/oauth2/default/.well-known/oauth-authorization-server is returning
"You do not have permission to access the feature you are requesting"

Am I doing the right thing here? All I want is to take the JWT token I get back when I authenticate and use it to authenticate and authorize my backend endpoints.

Appreciate any help.

Thanks

ValidIssuer = Configuration["Okta:Domain"],

It sounds like you are trying to validate a token issued by the Okta Org Authorization Server instead of a Custom Authorization Server, is that right?

In order to validate your tokens locally (instead of remotely by sending them to the /introspect endpoint), you will need to have the API Access Management feature enabled in your Okta instance so that you can use a Custom Authorization Server. You can read about this here: Okta Help Center (Lightning)

1 Like
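For the local-validation path the reply describes, here is an added example of the JwtBearer setup that lets the handler find the signing keys itself (this is example code, not the poster's snippet or Okta's own sample). It assumes a Custom Authorization Server at https://{yourOktaDomain}/oauth2/default, an audience of api://default, and configuration keys Okta:Authority and Okta:aud; the placeholder domain must be replaced.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

// Assumed configuration values (placeholders, not taken from the thread):
//   Okta:Authority = https://{yourOktaDomain}/oauth2/default   (Custom Authorization Server)
//   Okta:aud       = api://default
var authority = Configuration["Okta:Authority"];
var audience  = Configuration["Okta:aud"];

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Authority is what was missing in the original snippet. With it set, the handler
        // downloads {Authority}/.well-known/openid-configuration, follows jwks_uri, caches
        // the published keys and matches the token's "kid" header against them. If the token
        // was minted by a different server (e.g. the Org Authorization Server) its "kid" is
        // not in that key set, which is exactly the IDX10501 failure shown in the question.
        options.Authority = authority;
        options.RequireHttpsMetadata = true;   // never fetch metadata or keys over plain HTTP

        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = authority,           // "iss" claim of a custom-AS token is its base URL
            ValidateAudience = true,
            ValidAudience = audience,          // must equal the audience configured on the AS
            ValidateIssuerSigningKey = true,   // signature must verify with a discovered key
            ValidateLifetime = true,           // reject expired / not-yet-valid tokens
            ClockSkew = TimeSpan.FromMinutes(2)
        };
    });
```

If the feature check on the .well-known endpoint still returns "You do not have permission", the tenant lacks API Access Management and no Authority value will help; the reply's alternative is remote validation via /introspect.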

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.