Hey Dan,
I have this exact problem - in the managing roles chapter. I can see all the options for admins on the WAB dashboard, and when I inspect the Network, I see that an Authorization: Bearer <access_token> is appended to the request.
Nonetheless, I still get a 401, Unauthorized response from my server. It’s definitely a server configuration issue. Any ideas?