The usual auth method that works for us is ROPC (Fig 1)
Replace Organization from address bar to tenant ID
Input client_id or the application id
Input client_secret
Input account username and password
Hit Send
Copy the retrieved token
Go to jwt.io website and paste the token to test (Optional)
If the API scope is set to empty, then it will automatically grab whatever was granted to the app itself (Listing scope(s) explicitly will help to limit the scope of the application)
