In OpenIddict 3.0, access tokens are encrypted by default. To fix the error you're seeing, you can either:
Register the encryption key in the JWT handler options (
options.TokenValidationParameters.TokenDecryptionKey).Disable access token encryption:
services.AddOpenIddict() .AddServer(options => { options.DisableAccessTokenEncryption(); });Note: in 3.0, the recommended option is to use the OpenIddict validation handler instead of the JWT handler developed by Microsoft.