Access Token signed with unknown signature (KID cannot be found anywhere) Skip to main content
https://support.okta.com/help/answers?id=9062a000000quqlqac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Maxime AndradeMaxime Andrade 

Access Token signed with unknown signature (KID cannot be found anywhere)

Hi, i'm retrieving id_token and access_token with javascript SDK by signing in with username/password.
When passing access_token to my backend, signature cannot be verified. In fact, the kid claim in token header is different from those available in /default/v1/keys !
I have only one auth server. Any idea ?
Thomas KirkThomas Kirk (Okta, Inc.)
Hey Maxime,

Can you provide the code snippet to better help debug? 

My initial thought is that you are making the authorize call as /oauth2/v1/authorize instead of /oauth2/default/v1/authorize. 

Also look at this: https://github.com/okta/okta-auth-js#openid-connect-options. You may need to set your issuer and authorizeUrl . Again, this is just a hunch so if you can can provide a code snippet that would be great.

 
Maxime AndradeMaxime Andrade
Hi, Thanks for your answer. I in fact had to specify the issuer in js SDK. I assumed it was automaticaly set from the url since it’s not specified either in the documentation sample. Here is the snippet i was using : var authClient = new OktaAuth({ // Org URL url: 'https://dev-734663.oktapreview.com/', // OpenID Connect APP Client ID clientId: ‘...', // Trusted Origin Redirect URI redirectUri: 'http://localhost/login' }); Adding this line made the process working : issuer: 'https://dev-734663.oktapreview.com/oauth2/default’, Greetings,