OIDC Token error: Signature verification failed

trying to configure the Okta OIDC client. Getting error after authentication on Okta.

social_core.exceptions.AuthTokenError: Token error: Signature verification failed

should the discovery URL be configured somewhere? How does it know the jwks_uri to validate tokens?


1 Like

found my issue. Documentation could use a little clarity. While it states the API URL should be:
This has subsequently had the ‘/v1/authorize’ removed. In productive deployments, this will likely resemble:

The source library documentation states:
Please note, do not use the /oauth2/default endpoint for Okta authentication:

“default” is the API authServerID that comes with Okta. Usually oidc clients have no issues using it. So when configuring galaxy oidc_config.xml and oidc_backend_config.xml, instead of https://{company}.okta.com/oauth2/{authServerId}/ use https://${company}.okta.com/oauth2/