On the production org, do you have the option to create custom authorization servers? This should be available under Admin >> Security >> API >> Authorization Servers.
I will check with the admins and get back to you on that.
BTW, the exception above is when validating the id_token, not the access_token. Aren't the custom auth servers for the scenario when the access_token is used for authorization? For our use case okta.org is sufficient; the only thing we do with the auth_token we get back is call Okta for userinfo.
I saw in another thread (Error: The signature key was not found) where someone was running into similar problems and ended up disabling the validation of the id_token. Wondering whether we have to go down that path.
Anyway, will find out about the ability to create custom auth servers.
Can you please open a support case with developers@okta.com in order to have this issue investigated? On the Okta authorization server, there should not be any problems in gathering the signing keys for ID tokens.
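Added example, not part of any post in this thread and not Okta's code: a small offline diagnostic for a "signature key was not found" failure that checks the ID token's `kid` and `iss` against the key set the client fetched, as an alternative to switching validation off. The domain `example.okta.com`, the `kid` values, the token and the function names are constructed for illustration; the check does not verify the signature itself.

```python
import base64
import json


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def expected_jwks_uri(issuer: str) -> str:
    """Keys endpoint implied by the token issuer.
    Org authorization server: issuer is the bare Okta domain.
    Custom authorization server: issuer ends in /oauth2/<serverId>."""
    issuer = issuer.rstrip("/")
    if "/oauth2/" in issuer:
        return issuer + "/v1/keys"
    return issuer + "/oauth2/v1/keys"


def diagnose(id_token: str, jwks: dict, jwks_uri_used: str) -> str:
    """Report why the signing key lookup for this ID token would fail."""
    header_seg, payload_seg, _signature = id_token.split(".")
    header = _b64url_json(header_seg)
    claims = _b64url_json(payload_seg)
    wanted = expected_jwks_uri(claims["iss"])
    if jwks_uri_used.rstrip("/") != wanted:
        return f"wrong keys endpoint: token issuer implies {wanted}"
    kids = {key.get("kid") for key in jwks.get("keys", [])}
    if header.get("kid") not in kids:
        return "kid not in JWKS: refetch keys (rotation or stale cache)"
    return "key found: proceed to signature verification"


def _seg(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample data: an unsigned token shell and two key sets.
ORG_KEYS = "https://example.okta.com/oauth2/v1/keys"
TOKEN = ".".join([_seg({"alg": "RS256", "kid": "constructed-kid-2"}),
                  _seg({"iss": "https://example.okta.com"}), "c2ln"])
STALE_JWKS = {"keys": [{"kty": "RSA", "kid": "constructed-kid-1"}]}
FRESH_JWKS = {"keys": STALE_JWKS["keys"] + [{"kty": "RSA", "kid": "constructed-kid-2"}]}

if __name__ == "__main__":
    print(diagnose(TOKEN, STALE_JWKS, ORG_KEYS))
    print(diagnose(TOKEN, FRESH_JWKS, ORG_KEYS))
```
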