I have the same issue in React. See if you can take the Access Token and use Postman. When I use Postman and/or replay the request while removing origin and referrer, it works.
If you check the payload of your access token, can you confirm that it has been issued by the same authorization server you are sending it to? If the iss you see in your token doesn’t say https://dev-1234567.okta.com, can you try updating the request URL for your Userinfo call to point to the same issuer as the one that minted the token?
For example, if the iss value you see in the Access Token says https://dev-1234567.okta.com/oauth2/default, send it to https://dev-1234567.okta.com/oauth2/default/v1/userinfo
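The issuer check described in the reply above, as an added example that is not part of the original thread: it decodes the access token's payload, derives the Userinfo URL that matches `iss`, and compares it with the URL being called. The function names and the sample token are constructed for illustration; the `scp` and `exp` checks go beyond the reply and assume Okta's usual access-token claims and endpoint layout.

```javascript
// Diagnostic only: decodes the payload WITHOUT verifying the signature,
// so the result must never be used to make an authorization decision.
function decodeJwtPayload(token) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 dot-separated parts)");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Assumed Okta layout: a custom authorization server's issuer ends in
// /oauth2/<id>; the org authorization server's issuer is the bare org URL.
function userinfoUrlForIssuer(iss) {
  const base = iss.replace(/\/+$/, "");
  return /\/oauth2\/[^/]+$/.test(base) ? `${base}/v1/userinfo` : `${base}/oauth2/v1/userinfo`;
}

function checkUserinfoRequest(token, requestUrl, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  if (typeof claims.iss !== "string") throw new Error("token has no iss claim");
  const expectedUrl = userinfoUrlForIssuer(claims.iss);
  const scopes = Array.isArray(claims.scp) ? claims.scp : [];
  return {
    iss: claims.iss,
    expectedUrl,
    issuerMatches: requestUrl.replace(/\/+$/, "") === expectedUrl,
    hasOpenidScope: scopes.includes("openid"), // Userinfo is an OIDC endpoint
    expired: typeof claims.exp === "number" && claims.exp <= nowSeconds,
  };
}

// Constructed sample token (fake signature), for offline use only.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", kid: "example" })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const sample = makeSampleToken({
  iss: "https://dev-1234567.okta.com/oauth2/default",
  scp: ["openid", "profile"],
  exp: 2000000000,
});
// Token minted by the "default" server but sent to the org server's Userinfo URL.
console.log(checkUserinfoRequest(sample, "https://dev-1234567.okta.com/oauth2/v1/userinfo", 1700000000));
```

Paste only tokens from a development tenant into a script like this, and keep them out of shared logs, since an access token is a bearer credential until it expires.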
I get 401s in Postman as well… there’s a problem with the token but it’s impossible to tell what that problem is. I suspect scope, but having tried several variations with no success, can’t say for sure.