.NET 7.0 MVC And Web API - Securing Web API with policies

Hello All,
I have a MVC app in .NET7 and web api app in .NET7.0.
Both apps have been configured on Okta Portal.
I have created a policy and applied on web api end point. When I call the mentioned end point, I get the forbidden error. But when I go to “machine-to-machine” configuration and grant access to the scope/policy I created, I am able to access the end point without any issue.

But I do not want “machine to machine” configuration. “Enable RBC” and “Add Permission to Access token” settings are on on Okta portal.

What is missing here I am not able to figure out. The user which is being used has the role to which the scope already been added.

Also I am not able to find any example for .NET 7.0 as per my requirment so far. Any pointers would be helpful.

best regards