I’m trying to call a custom API on .NET Core from a JS SPA. The authentication works fine, but when I call the API using the access token, it returns 401. I don’t have any scopes or permissions set.
Does anyone know why this happens?
Edit: I’ve checked the bearer token that I received and it doesn’t seem valid, at least in the RS256 format.
I’m assuming this is due to the Access Token missing an audience (aud) claim. This is specified as a param in the /authorize request and might be a good place to start.
I also came across the following topic which may be of use:
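
Added example, not part of the thread and not any identity provider's own code: a Node.js check that reports whether an access token is a JWT with `alg` RS256 and the expected `aud` claim, plus an /authorize URL that carries the audience. The `audience` parameter name, the hosts, the client id and the tokens are assumptions or constructed values.

```javascript
// Added example. All tokens, hosts and identifiers below are constructed.
const API_AUDIENCE = 'https://api.example.test'; // hypothetical API identifier

function decodeSegment(seg) {
  // base64url -> base64; Buffer is Node-only (use atob in a browser).
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Reports why an API expecting an RS256 JWT for `expectedAudience` would
// reject `token`. Inspection only: the signature is NOT verified here.
function diagnoseAccessToken(token, expectedAudience) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not-a-jwt' };
  let header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (e) {
    return { ok: false, reason: 'not-a-jwt' };
  }
  if (!header || !payload || typeof header !== 'object' || typeof payload !== 'object') {
    return { ok: false, reason: 'not-a-jwt' };
  }
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected-alg' };
  // aud may be a single string or an array of strings (RFC 7519).
  const aud = payload.aud === undefined ? [] : [].concat(payload.aud);
  if (aud.length === 0) return { ok: false, reason: 'missing-aud' };
  if (!aud.includes(expectedAudience)) return { ok: false, reason: 'aud-mismatch' };
  return { ok: true, reason: 'looks-usable' };
}

// Assumption: the identity provider reads the API identifier from a query
// parameter named `audience` on /authorize; check your provider's docs.
function buildAuthorizeUrl(issuer, clientId, redirectUri, audience) {
  const url = new URL('/authorize', issuer);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  if (audience) url.searchParams.set('audience', audience);
  return url.toString();
}

// Constructed sample tokens (the signature segment is a dummy string).
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sample = (h, p) => `${enc(h)}.${enc(p)}.dummy-signature`;
const SAMPLES = {
  opaque: 'kq3Zt0pXyLm8Qw2N',
  noAud: sample({ alg: 'RS256', typ: 'JWT' }, { sub: 'user1' }),
  withAud: sample({ alg: 'RS256', typ: 'JWT' }, { sub: 'user1', aud: [API_AUDIENCE] }),
};
```

A token that passes this check still has to have its signature, issuer and expiry validated by the API; the check only narrows down why a 401 is returned.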