OKTA - SPA Verify JWT Token & Setup Authorization Server

Question

I am working through a process of validating the JWT after OKTA Login. I have a SPA Sample SPA Site that handles user login and calling an API.

SPA SITE

1. User Logins into OKTA
2. Obtains a JWT
3. Passes JWT to a .NET Web API (hosted on my own server not at OKTA).

WEB API: This accepts the JWT and needs to validate it.

Per OKTA I need verify the JWT through an Authorization Server. I setup the Authorization Server but I cannot see where the two features (shown on the images) are located on the SPA API or the Auth Server. This includes a URL that is required that follows the format of xxxx.okta.com/AS/{key}

Is there something that has to be enabled that is not enabled in my OKTA Account? I think so but what is it? OKTA support states that everything is enabled and confirmed this is a good code sample (GitHub) to use.

The Image Below should appear after setting up the SPA App. I cannot find this feature under the SPA or under the Auth Server. It does not seem to exist anywhere on OKTA. This is why it seems something is not enabled on my Dev account, or this documentation is outdated?

SPA Code Sample (includes the images below from the PDF) https://github.com/oktadeveloper/okta-oauth-spa-authjs-osw

Answer 1

I see that under the Security menu item -> API.

Also, when I had my app OpenID Connect enabled, I used well-known endpoint: GET /.well-known/openid-configuration to get "jwks_uri", I used this url to self-verify the JWT token at the API level.

Answer 2

OKTA confirmed the code sample and documentation is out of date. They have no ETA to any updated samples and could not provide any documentation to help. This was via a response on a support ticket. Well already then, time to look at Azure.