Just noticed that the service account is getting a 403 Forbidden when trying to pull the Chicago schedule for adherence validation. The user account works fine, so this feels like a scope mismatch on the service credentials. Has the required wfm:schedule:view scope changed recently?
This looks like a scope issue where the service account lacks the specific wfm:schedule:view permission, not just the admin role. Ensure the OAuth client configuration includes this exact scope.
If I remember correctly, scope alone is insufficient if the service account lacks explicit WFM group membership. The dashboard often masks this permission gap until runtime.
Verify the account belongs to the specific WFM user group.
Assign the wfm:schedule:view scope in the OAuth client settings.