In MSDN http://msdn.microsoft.com/en-us/library/office/jj220036(v=office.15).aspx, Office 365 requires to update the client secret before it expired. But we forgot to do this before it expired. Now after we updated a new client secret, added a new one first and then removed the old expired one, the app in some sites does not work and the app in some sites works well. The error is we cannot get the accesstoken from the content token with the new client secret.
System.Exception: SharePoint2013Authentication Exception: System.IdentityModel.Tokens.SecurityTokenException: Invalid JWT token. Could not resolve issuer token.
at Microsoft.IdentityModel.S2S.Tokens.JsonWebSecurityTokenHandler.ReadTokenCore(String token, Boolean isActorToken)