403 Forbidden error when attempting to access Authorization policy. Login successful

Using Authorization extension.

Site was working fine for years. It is possible I misconfigured something, but I’ve gone through the configuration steps for an asp.net app and all looks correct.

The error is 403 forbidden, while trying to use a read policy in a get action. It is notable that the login is successful, as verified by Auth0 logs.
This error is also occurring in my local development server, leading me to believe this is surely an Auth0 configuration issue.

I have run the test curl scripts, all of which have succeeded.

There is an API, Application, and M2M application. Client ID’s and secrets are unchanged from when the site was working and now (not working). I have verified that these are correct in the application.

I tried updating the Authorization extension, which was in version 2.6 (?). This has had no effect. Additionally, I tried following the RBAC steps, which also had no effect.

I am at a loss now. I would really appreciate some assistance on this, as our live site is currently unable to operate. Thank!

Application A (not m2m):

  • Application type: regular web application
  • Allow CORS: on
  • Refresh token rotation and expiration: off
  • Credentials: client secret (post)

Application B (m2m):

  • Same as above for all
  • APIs: urn:auth0-authz-api (identifier) (has full permissions: groups, roles, users, etc)