403 access_denied_insufficient_permissions

I'm having issues being able to download or upload files.

My app is using OAuth 2.0 with JSON Web Tokens.  Because there is no SDK available for Go, I've been following the "JWT without SDKs" guide and at first, it seems like I'm doing everything correctly.  I'm able to get a token and when I call the "/users/me" endpoint, I get the user information for the service account.

When I try to upload or download a file from my regular account, I get the 403 error.

I have the following configuration set up for my app:

- App access level: App + Enterprise Access

- Application scopes: Read and write all files stored in Box

- Advanced feature: Make API calls using the as-user header and Generate user access tokens

For download, I've also made sure that the service account is a co-owner on both the folder and the file itself.

Thank you,