Validate access token in our resource endpoint

Our setup:

We create two application in okta dashboard each for below applications

  1. one android app
  2. one microservice (We are using Okta JWT Verifier for Java to verify access token jwt)


We are passing access token in the header to the resource API (GET, POST etc. requests).

  • When we generate access token directly by hitting okta’s oauth endpoint and pass it along to the header we did not get any error.
  • But when we pass from access token from the app we get exception A signing key must be specified if the specified JWT is digitally signed ?