The token doesn't have an identity specified.
Confirm that there is an identity field in the token. To check whether the access token is structurally correct, you can use the tools available at jwt.io(link takes you to an external page).