dontnod / web-app-starter

Boilerplate for a web application with React and .Net Core using Azure (MSAL) for the authentication

Forbidden exception when Client requests Todos #8

Open craig-blowfield opened 1 month ago

craig-blowfield commented 1 month ago

Hi,

After following the setup instructions, I am getting the following error from the Client when navigating to the Todo page after successfully authenticating:

image

The bearer token is present.

On the API side I get the following log statement

image

Client Setup

App permissions look like this

image

My Client .env looks like this

VITE_PORT=3002
API_URL=http://localhost:5198
VITE_AZURE_CLIENT_ID={AppClientID}
VITE_AZURE_AUTHORITY=https://login.microsoftonline.com/{TenantID}
VITE_TODO_API_ENDPOINT_URL=http://localhost:3002
VITE_TODO_API_SCOPES_READ=["api://{ApiClientId}/ToDoList.Read"]
VITE_TODO_API_SCOPES_WRITE=["api://{ApiClientId}/ToDoList.ReadWrite"]

API setup

App reg expose permissions looks like this

image

And role looks like this

image

I have set the API ClientID secret to {ApiClientId} and the TenantID secret to {TenantID}.

And the API launchSettings.json looks like this

{
  "$schema": "http://json.schemastore.org/launchsettings.json",
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:42790",
      "sslPort": 44335
    }
  },
  "profiles": {
    "https": {
      "commandName": "Project",
      "dotnetRunMessages": true,
      "launchBrowser": true,
      "launchUrl": "swagger",
      "applicationUrl": "https://localhost:7253;http://localhost:5198",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "launchUrl": "swagger",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}

Maybe I have missed a setup.

Any help would be really appreciated

craig-blowfield commented 1 month ago

Just debugged, and the PermissionFilter is returning ForbidResult due to hasValidPermissions being false, as my user claims do have the required permissions.

image

Should I (the user) have both valid permissions and scopes?
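The question above turns on two different claims in an Entra ID (Azure AD) access token: delegated permissions consented for a user arrive in the space-separated `scp` claim, while application permissions (app roles) arrive in the `roles` array, and the token must also be minted for the API (`aud`). The script below is an added diagnostic example, not code from dontnod/web-app-starter and not its PermissionFilter: it decodes a bearer token's payload and reports which of those claims are present, so a ForbidResult can be traced to a missing scope, a missing role, or a token issued for the wrong resource. The tokens it inspects are constructed and unsigned, the client id is a placeholder, the role name `ToDoList.Read.All` is hypothetical, and the "scope OR role" policy is an assumption about how such a filter is typically written; signature validation is deliberately left to the API's JWT middleware, this only reads a token you already hold.

```javascript
// Added diagnostic example (not part of dontnod/web-app-starter).
// Decodes a JWT payload without verifying the signature and reports the
// claims an API permission check depends on: aud, scp (delegated scopes)
// and roles (app roles). Use it to read a token you already hold; the API's
// JWT bearer middleware remains responsible for validating the signature.

function base64UrlDecode(segment) {
  // JWT segments are base64url without padding; convert to standard base64.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function base64UrlEncode(text) {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Assumed filter policy (NOT the project's PermissionFilter): the token must be
// addressed to this API and carry EITHER the required delegated scope (scp)
// OR the required app role (roles).
function checkAccess(payload, { acceptedAudiences, requiredScope, requiredRole }) {
  const scopes = typeof payload.scp === "string" ? payload.scp.split(" ").filter(Boolean) : [];
  const roles = Array.isArray(payload.roles) ? payload.roles : [];
  const audienceOk = acceptedAudiences.includes(payload.aud);
  const hasScope = scopes.includes(requiredScope);
  const hasRole = requiredRole !== undefined && roles.includes(requiredRole);
  let reason = "ok";
  if (!audienceOk) {
    reason = `aud '${payload.aud}' is not this API (token requested for another resource?)`;
  } else if (!hasScope && !hasRole) {
    reason = `neither scope '${requiredScope}' nor role '${requiredRole}' present (scp=[${scopes}], roles=[${roles}])`;
  }
  return { audienceOk, scopes, roles, hasScope, hasRole, allowed: audienceOk && (hasScope || hasRole), reason };
}

// Builds a CONSTRUCTED, unsigned token (alg "none", empty signature) for the demo.
// Real Entra ID tokens are RS256-signed; never accept alg "none" in an API.
function makeUnsignedJwt(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: "none", typ: "JWT" }));
  return `${header}.${base64UrlEncode(JSON.stringify(payload))}.`;
}

const API_CLIENT_ID = "PLACEHOLDER-API-CLIENT-ID"; // stands in for {ApiClientId}
const POLICY = {
  // v1 tokens carry "api://<id>" as aud, v2 tokens carry the bare client id.
  acceptedAudiences: [API_CLIENT_ID, `api://${API_CLIENT_ID}`],
  requiredScope: "ToDoList.Read",        // the delegated scope from the .env above
  requiredRole: "ToDoList.Read.All",     // hypothetical app role name
};

// Constructed sample tokens covering the outcomes a ForbidResult usually hides.
const SAMPLE_TOKENS = {
  delegatedOk: makeUnsignedJwt({ aud: `api://${API_CLIENT_ID}`, scp: "ToDoList.Read ToDoList.ReadWrite", oid: "user-1" }),
  wrongAudience: makeUnsignedJwt({ aud: "PLACEHOLDER-OTHER-RESOURCE", scp: "User.Read", oid: "user-1" }),
  noScope: makeUnsignedJwt({ aud: API_CLIENT_ID, roles: [], oid: "user-1" }),
  appRoleOnly: makeUnsignedJwt({ aud: API_CLIENT_ID, roles: ["ToDoList.Read.All"] }),
};

function diagnose(token) {
  return checkAccess(decodeJwtPayload(token), POLICY);
}

for (const [name, token] of Object.entries(SAMPLE_TOKENS)) {
  const r = diagnose(token);
  console.log(`${name}: allowed=${r.allowed} scp=[${r.scopes}] roles=[${r.roles}] -> ${r.reason}`);
}
```

To use it on a real token, paste the bearer value from the browser's network tab into `diagnose(...)`; if `scopes` comes back empty while `aud` is another resource, the client acquired a token for a different API than the one configured in `VITE_TODO_API_SCOPES_READ`, which is a different failure from the scope simply not being consented.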