Unfortunately I am also having trouble with the example code, and always getting the 401 error. My code is setup exactly as in the tutorial. I have a frontend React app which gets a token using getTokenSilently() and sends it as an Authorization header (Bearer: ${token}) to my server.
But the validate() function never gets called. The controller works when the AuthGuard is removed, otherwise just returns 401. Would anyone have any ideas for what to try? Thank you!