<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
The "typ" Field is Missing from the Access Token Header
Jul 24, 2025
Okta Classic Engine
Okta Identity Engine
API Access Management
Overview

This article explains why sometimes Access Tokens have the "typ" filed in the header, and why sometimes it is missing.

Applies To
  • Custom Authorization Servers
Cause

The "typ" field is missing from the header because the Access Token is generated by a Custom Authorization Server. This is the expected behaviour.

 

Solution

The "typ" field is only included in Access Tokens that are generated by the Org Authorization Server.

Decoder Header 

Such tokens can only be consumed or validated by Okta, and the value of this field can be subject to unannounced changes and updates, as it is not documented.

The expected structure for access tokens generated by a Custom Server can be found in the Access Token documentation.

Find more about the differences in server types in Available authorization server types.

 

Related References

Recommended content

Still looking for help?
Loading
The "typ" Field is Missing from the Access Token Header