Im working on an asp.net web API (.NET8) project where i have to use JWT tokens. But im facing 1 error no matter what I do. Im able to generate Tokens upon signin, but when im trying to use the generated token to call my weathercontroller, it shows “Bearer error=”invalid_token” ” and 401 unauthorized. I have searched everywhere, tried my best to understand what’s the issue..
This is my controller where im generating tokens.

Initially Generated JWT
Postman error upon HttpGet Request

 [Route("[controller]")]
 [ApiController]
 public class AuthController : ControllerBase
 {
     [HttpPost("login")]
public async Task<IActionResult> signIn(UserCred userDetails)
{
    if (userDetails != null && userDetails.PhoneNumber != null && userDetails.Pin!= null)
    {
        UserDetails user = _user.GetUser(userDetails.PhoneNumber, userDetails.Pin);

        if (user != null)
        {
            
            var claims = new[] {
                new Claim(JwtRegisteredClaimNames.Sub, _config["Jwt:Subject"]),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                new Claim(JwtRegisteredClaimNames.Iat, DateTime.UtcNow.ToString()),
                new Claim("UserId", user.Id),
                new Claim("DisplayName", user.FirstName),
                new Claim("UserName", user.LastName),
                new Claim("Email", user.Email)
            };

            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
            var signIn = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            var token = new JwtSecurityToken(
                _config["Jwt:Issuer"],
                _config["Jwt:Audience"],
                claims,
                expires: DateTime.UtcNow.AddMinutes(10),
                signingCredentials: signIn);

            return Ok(new JwtSecurityTokenHandler().WriteToken(token));
        }
        else
        {
            return BadRequest("Invalid credentials");
        }
    }
    else
    {
        return BadRequest();
    }

}
   

And here is program.js for reference:

var builder = WebApplication.CreateBuilder(args);
var MyAllowSpecificOrigins = "_specificOrigin";
// Add services to the container.

builder.Services.AddCors(options =>
{
    options.AddPolicy(name: MyAllowSpecificOrigins, policy =>
    {
        policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
    });
});

builder.Services.AddControllers();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
    options.RequireHttpsMetadata = false;
    options.SaveToken = true;
    options.TokenValidationParameters = new TokenValidationParameters()
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidAudience = builder.Configuration["Jwt:Audience"],
        ValidIssuer = builder.Configuration["Jwt:Issuer"],
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]))
    };
});


builder.Services.AddAuthorization();

// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

builder.Services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(
    builder.Configuration.GetConnectionString("DefaultConnection")

));


var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();

Im really stuck here. Let me share the project’s github repo, for reference: TechBuzzersBank API

I think the error is somewhere in my controller, but im unable to fix it. Maybe its with the way im calling the API (in postman)