Azure B2C cannot use Okta as IdP via OIDC - 'Signature validation failed'


I'm using Azure B2C with a custom policy to provide federated sign-in to my application.

I already support MS and Google as identity providers and am trying to add Okta support, via OpenID Connect.

I've been able to add a developer instance of Okta as an identity provider in my B2C policy and everything works great when working with an Okta Custom Authorization Server.

However the customer I'm working with does not have a licence for the Custom Authorization Server feature and apparently it's very expensive. So I would like to integrate with the default Org Authorization Server that comes for free with Okta.

The problem with the Org Authorization Server is that it does not support validation of tokens. This is documented by Okta here: https://support.okta.com/help/s/article/Signature-Validation-Failed-on-Access-Token

When I try to sign in, I get this error in B2C: "IDX10503: Signature validation failed. Token does not have a kid."

Is there any way to turn off the signature validation from the B2C side? Perhaps an undocumented metadata setting in the OpenIdConnect Technical Profile?

Thanks


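Added triage example (not part of the question above, and not Microsoft's or Okta's code): the IDX10503 message says the validator could not pick a signing key because the token header carries no `kid`. The script below reproduces just that key-selection step offline, so you can see which of the three outcomes (kid matched, kid absent, kid unknown) a given token produces against a given JWKS before touching the B2C policy. The JWKS document, issuer URL and tokens are constructed samples with a dummy signature; nothing here verifies a signature, it only shows why the validator never gets that far without a `kid`.

```python
import base64
import json

# Constructed sample JWKS, shaped like what a jwks_uri returns. The RSA
# modulus is a placeholder; only 'kid' matters for key selection here.
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "alg": "RS256", "use": "sig",
         "kid": "example-key-1", "n": "placeholder-modulus", "e": "AQAB"}
    ]
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_token(header: dict, claims: dict) -> str:
    """Assemble header.payload.signature with a dummy signature.

    The signature is not real; this helper only exists to construct
    sample tokens whose headers can be inspected offline."""
    segments = [
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        b64url_encode(b"dummy-signature"),
    ]
    return ".".join(segments)


def jwt_header(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    return json.loads(b64url_decode(parts[0]))


def select_signing_key(token: str, jwks: dict):
    """Mimic the kid-based key lookup a JWKS-backed validator performs first.

    Returns (status, key). status is one of:
      'match'       - header kid found in the JWKS, key returned
      'no_kid'      - header carries no kid, nothing to look up
      'unknown_kid' - kid present but not in the JWKS (rotated key or wrong issuer)
    """
    kid = jwt_header(token).get("kid")
    if kid is None:
        return "no_kid", None
    for key in jwks.get("keys", []):
        if key.get("kid") == kid:
            return "match", key
    return "unknown_kid", None


def diagnose(token: str, jwks: dict) -> str:
    status, key = select_signing_key(token, jwks)
    if status == "match":
        return f"kid '{key['kid']}' matched a {key.get('alg', '?')} key; signature check can proceed"
    if status == "no_kid":
        return "header has no kid: a JWKS-driven validator cannot pick a key (cf. IDX10503)"
    return "kid not in JWKS: check the issuer / metadata URL, or the key may have rolled over"


# Constructed sample tokens (hypothetical issuer): one with a kid, one without.
TOKEN_WITH_KID = build_token(
    {"alg": "RS256", "typ": "JWT", "kid": "example-key-1"},
    {"iss": "https://issuer.example", "sub": "user@example.com"})
TOKEN_WITHOUT_KID = build_token(
    {"alg": "RS256", "typ": "JWT"},
    {"iss": "https://issuer.example", "sub": "user@example.com"})

if __name__ == "__main__":
    for name, tok in [("with kid", TOKEN_WITH_KID), ("without kid", TOKEN_WITHOUT_KID)]:
        print(f"{name}: {diagnose(tok, SAMPLE_JWKS)}")
```

To use it against a real setup, replace `SAMPLE_JWKS` with the document served at the `jwks_uri` from the issuer's OpenID metadata and pass the actual id_token the identity provider returned; a `no_kid` result means no metadata tweak on the relying-party side will help, because the validator has nothing to look the key up by.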