I have a back-end ASP.NET core 2 web api services to which I want to restrict access. I tried to follow the example scenario described here https://developer.okta.com/quickstart/#/angular/dotnet/aspnetcore , when I have implicit flow and my Angular SPA application receives id token and access token. I have my Authentication configured exactly as described in the example in the tutorial
// Add Okta Authentication
options.DefaultAuthenticateScheme = OktaDefaults.ApiAuthenticationScheme;
options.DefaultChallengeScheme = OktaDefaults.ApiAuthenticationScheme;
options.DefaultSignInScheme = OktaDefaults.ApiAuthenticationScheme;
OktaDomain = Configuration[“Okta:OktaDomain”],
However, if I try to call the endpoint with an access_token I get a 401 Unauthorized. I’ve tried calling the endpoint both from my Angular SPA and directly Postman but it is always the same. I can, of course, call all other endpoints withut authorization with no problems.