I added a service provider to WSO2IS and use its secret to get an access token, I then use this access token to execute endpoint https://localhost:9443/t/carbon.super/api/server/v1/tenants, but I am getting 403 error. An access token is for the admin user, that as far as I see has all privileges. Why am I getting a forbidden error and how can I fix it?
Follow the steps in https://stackoverflow.com/a/65371473/10055162. If you generated the token without passing the required scopes (In your case internal_list_tenants), you will get 403 Forbidden response from the REST API call. More info (3)