I am trying to handle in my .Net Core API Service side setting the Authorize attribute with the Access Policy Scope I setup simplest level. I am getting in my Startup the JwtBearer TokenValidationParameters and I simply right now just have [Authorize] on top of my controller class. In Okta I setup an Authorization Server and then defined two scopes IV_API_READ and IV_API_WRITE then setup Access Policies with a Rule for each and the assigned scopes and the Clients Assigned to those Policies. I did not setup anything under claims yet not sure I need to get to that granular level yet. How can I just check if the incoming token has a Scope defined with the Authorize attribute for my controller? I tried some things but no dice and was hoping to keep it as simple as possible with something in the startup defined a policy etc. but not working.
tried things like
[Authorize(Policy = “IV_API_READ”)] [Authorize(Roles = “IV_API_READ”)] etc. not working