Angular SPA with angular-oauth2-oidc and FastAPI/Python - Token validation problems


I have set up an Angular 17 app with angular-oauth2-oidc and a FastAPI backend. I have successfully configured the Angular library and I am receiving the access token, JWKS and userinfo on the client side. With an interceptor I redirect the token to my backend. From there I would like to validate the token before answering client-side API requests… whatever I do, I fail. It seems the introspect endpoint is not available for my SPA developer account. The token has no kid in the header; when I retrieve the public JWK keys successfully I cannot decode the token… only the userinfo endpoint answers when queried from my backend. What would be the approach designed by Okta here?

Thank you, Matthias