You can ask the Access Manager administrator to create a custom resource server in Access Manager Administration Console to get more control on what crypto keys you require to use for encrypting the token. Access Manager provides the option to encrypt the access token as per your requirement.
The access token can be encrypted by using any of the following options:
Encrypt using the resource server key
Encrypt using Access manager key
No encryption (not recommended because it may cause security issues).
After the Access Manager administrator creates the custom resource server, you can specify the resource server name in the token request for encrypting the access token using the encryption mechanism configured for that resource server. For more details about the request parameter, see Section 4.4, Token Endpoint. This helps in avoiding the need for contacting Identity Server’s TokenInfo or UserInfo endpoints for token validation or for claims.
Only the Access Manager administrator can register the resource server.