Spring Security not working with Auth0 API throwing 403 given valid token

I have the following…

@Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.oauth2Login(AbstractHttpConfigurer::disable)
                .oauth2ResourceServer(AbstractHttpConfigurer::disable)
                .sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests((authz) -> authz
                        .requestMatchers(
                                new AntPathRequestMatcher("/actuator/**")
                        ).hasAuthority("SCOPE_read:actuators")
                        .anyRequest().authenticated()
                );
        return http.build();
    }

And the following config…

auth0:
  audience: ...
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: ...

I am trying to call the endpoint with curl http://localhost:8080/actuator -v -H "Authorization: Bearer ..." and curl http://localhost:8080/actuator -v -H "Authorization: OAuth ..."

I have confirmed the access token has

{
  "iss": "...",
  "sub": "...",
  "aud": [
    "...",
    "..."
  ],
  "iat": ...,
  "exp": ...,
  "azp": "...",
  "scope": "openid profile email",
  "permissions": [
    "read:actuators"
  ]
}

The aud and iss match but when I go to the site I get a 403. If I make it permit-all then it works fine.

What am I missing here?

This fixed my issue