Cloud functions behind API Gateway with Okta Authentication


Rahil Kidwai

Sep 30, 2021, 6:09:09 PM
to api-gateway-users
I have cloud functions that I want to expose via gateway with Okta integration.
I have defined the config with Okta security credentials.

When I try to call the API via the gateway, I get the following error:

Header: www-authenticate: Bearer error="invalid_token" error_description="The access token could not be verified"

Response Body: (edited for brevity)
<title>401 Unauthorized</title> 
Error: Unauthorized Your client does not have permission to the requested URL <code>xxxxxxxxxxx</code>.

The gateway is supposed to validate the incoming request with the Okta JWT in the Authorization header.
The cloud functions are not set for "allow unauthenticated".

Any ideas of what I need to do to make it work?

Thanks 

Rahil Kidwai

Sep 30, 2021, 9:12:47 PM
to api-gateway-users
Additional details:
Please note that if I don't pass a JWT in the Authorization header, I do get a 401 Unauthorized response, and when I pass an expired token I get 401 Unauthorized as well, with the message "Jwt expired".
When I pass a valid token, I get the earlier mentioned error message.
It seems that the Okta token is being validated correctly, but after that the downstream call from GW to CF is failing as the function does not allow unauthenticated calls.
