Access to APIs with policies

Hello All,

I have an MVC app in .NET 7 and a web API app in .NET. Both apps have been configured on the Okta portal.
I have created a policy and applied it to a web API endpoint. When I call that endpoint, I get the Forbidden error. But when I go to the “machine-to-machine” configuration and grant access to the scope/policy I created, I am able to access the endpoint without any issue.

But I do not want a machine-to-machine configuration. The “Enable RBAC” and “Add Permission to Access token” settings are on in the Okta portal.

I am not able to figure out what is missing here. The user being used has the role to which the scope has already been added.

Any pointers would be helpful.

Best regards,
spalmcc