I’m making an API using Ruby on Rails with Devise for authentication. I have setup my login/signup functions and receive access and refresh tokens. However, when I go to access a protected route like so:

let response = await fetch(`${API_URL}events/register`, {
    method: "POST",
    headers: {
        "Accept": "application/json",
        "Content-Type": "application/json",
        Authorization: `Bearer ${accessToken}`,
    },
});

I get a 401 Unauthorized error from the API. Why is this? My project is set up like this:

routes.rb:

devise_for :users
get 'events', to: 'events#event'
post 'events/register', to: 'events#register'

controller:

class EventsController < ApplicationController
  before_action :authenticate_user!, only: [:register]

  def event
    events = Event.all
    render json: events
  end

  def register 
    @user = current_user
    render json: { user: @user }
  end
end