403 with QuickStart (Spring 5 protect-api-endpoints)

This is with regards to the QuickStart: https://auth0.com/docs/quickstart/backend/java-spring-security5/01-authorization#protect-api-endpoints

I get an Error Code of 403 when I hit the endpoint:
@GetMapping(value = “/private-scoped”)
public Message privateScopedEndpoint() {
return new Message(“All good. You can see this because you are Authenticated with a Token granted the ‘read:messages’ scope”);

I have created the permission “read:messages” and assigned it to a role and added that role to the user.

When I look up the individual user, I see that the role and permissions are assigned to the user. However, I don’t see the permissions/scope for the user when I look at the “Raw JSON”. Don’t know if that’s supposed to show there.

I’ve tried modifying the SecurityConfig in multiple ways, but no luck:

  1. .mvcMatchers("/api/private-scoped").hasAuthority(“SCOPE_read:messages”)
  2. .mvcMatchers("/api/private-scoped").hasAuthority(“read:messages”)