You shouldn’t be using Okta’s auth server for protecting your APIs. (And you don’t have to verify its access token in any case)
If there is no default auth server configured for your org, you can create your own auth server as explained in this document - https://developer.okta.com/authentication-guide/implementing-authentication/set-up-authz-server#create-an-authorization-server
Let us know if you have other questions.