I am trying to implement an Machine to Machine authorisation flow to generate an access token from a Service account for use with a SPA app.
I have created the Service account that uses client_credentials, setup an Authorisation server and created a custom scope. In the Authorisation server the access policy is set to both the service account and SPA app. I can request an access token using the service account Client Id and Secret, if I try and use this returned token to access the SPA app resource I get a 401 unauthorised.
What am I missing here? There is no obvious way to assign permission to the SPA app I have found and the documentation is really vague, any assistance will be much apreciated.