.net - ASP.NET Core Integration Test Failing in GitHub Actions (403 Forbidden) but Passing Locally - Stack Overflow

I'm running integration tests for an ASP.NET Core 8 Web API project, and I have a test that passes in my local IDE (Visual Studio Test Explorer) but fails in GitHub Actions with a 403 Forbidden error.

GenerateToken.cs (file in the ProSys.Tests.Integration proj)

public class GenerateToken
{
  private readonly HttpClient _client;

  public GenerateToken(CustomWebApplicationFactory<Program> factory)
  {
     _client = factory.CreateClient();
  }

  public async Task<string> GetJwtToken()
  {
     var loginPayload = new { username = "owner", password = "P@$$w0rd" };
     var response = await _client.PostAsJsonAsync("/api/v1/account/login", 
       loginPayload);

    response.EnsureSuccessStatusCode();

    var responseContent = await response.Content.ReadAsStringAsync();

    var json = JsonSerializer.Deserialize<ApiResponseWrapper<LoginResponseResult>> 
       (responseContent,
          new JsonSerializerOptions
          {
            PropertyNameCaseInsensitive = true,
            Converters = { new JsonStringEnumConverter() }
          });

    if (json?.Value?.Token == null)
    {
        throw new Exception($"Token generation failed. Response: {responseContent}");
    }

    return json.Value.Token;
   }
}

AuthTest.js

public class AuthTests : IClassFixture<CustomWebApplicationFactory<Program>>
{
  private readonly HttpClient _client;
  private readonly GenerateToken _generateToken;

  public AuthTests(CustomWebApplicationFactory<Program> factory)
  {
      _client = factory.CreateClient();
      _generateToken = new GenerateToken(factory);
  }

  [Fact]
  public async Task Get_Protected_Endpoint_Should_Return_Unauthorized_Without_Token()
  {
      var response = await _client.GetAsync("/api/v1/userType/retrieve");
    response.StatusCode.Should().Be(System.Net.HttpStatusCode.Unauthorized);
  }

  [Fact]
  public async Task Get_Protected_Endpoint_Should_Return_Success_With_Dynamic_Token()
  {
      var token = await _generateToken.GetJwtToken();
      _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

      var response = await _client.GetAsync("/api/v1/userType/retrieve");

      response.EnsureSuccessStatusCode();
  }
}

Problem Description

I have an endpoint that requires authentication, and my test does the following:

1. Calls the /api/v1/account/login endpoint with valid credentials (owner / P@$$w0rd).
2. Extracts the JWT token from the response
3. Sends the token in an Authorization header to /api/v1/userType/retrieve.
4. Expects a 200 OK response, but gets 403 Forbidden only in GitHub Actions.

Error Message from GitHub Actions

ProSys.Tests.Integration.Tests.AuthTests.AuthTests.Get_Protected_Endpoint_Should_Return_Success_With_Dynamic_Token [FAIL]
    [xUnit 00:00:12.08] System.Net.Http.HttpRequestException : 
    Response status code does not indicate success: 403 (Forbidden).

the GitHub Actions is indeed creating the tables and inserting the values, so the owner with P@$$w0rd are correct creds and it has the required permissions to access this endpoint (everything in Postman is working successfully with a header that contains the token), but yet it is throwing 403 (Forbidden) that indicates that the login user is not authorized to access this endpoint, so maybe GitHub Action is not generating the token correctly, the token uses the RSA algorithm to assign and validate a token, the private and public keys are found in the secrets.json file found in GitHub Secrets under the action tab

Also note that the login process in my api is correctly working and assigning and validating the JWT correctly using RSA encryption keys.

Question

1. How can I properly debug whether secrets.json is being read in GitHub Actions?
2. What are the best ways to troubleshoot why an authentication token works locally but gets rejected (403 Forbidden) in GitHub Actions?