Hey there @battuto welcome to the community!
That’s good news you can at least log in and visit the unprotected routes - Are you positive you are both passing an audience param (this would be defined in your .env file) and that the user you are logging in with has the correct admin role/permissions?
If you would like to copy and paste an example access token into jwt.io and share the decoded result here that could be helpful. Please just redact any information you don’t want to be public.