In this example, Mulesoft Anypoint is proxying a 'solar system' API. Mulesoft is using Okta's OAuth2-based authorization to check for a valid access token and the required scopes for the requested endpoint.
Just authenticate as one of the users on the right to get started.
In this scenario, one user (Clark Kent) is subscribed to the "silver" level of access, which means he will be able to access the /planets endpoint with his access token by virtue of the "http://myapp.com/scp/silver" scope. Okta will mint the access token and include the "http://myapp.com/scp/silver" scope because Clark belongs to the "silverSubscribers" group in Okta.
Similarly, another user (Lois Lane) is subscribed to the "gold" level of access, which means she will be able to access the /moons endpoint, and she will also be able to access the /planets endpoint by virtue of the scopes included in her access token.
Try clicking on the buttons as an unauthenticated user, and then as Clark and Lois to get a sense of how the access tokens work with the API endpoints.
username: clark.kent
password: mars
username: lois.lane
password: mars