How can my console app be authorized to programmatically add work items and wiki pages to Azure DevOps wiki?

Question

Hi all,

Simply put, I have a console app that I want to write wiki pages programmatically as well as create work items (Project Backlog Items). This console app will do this by calling the REST Api for Azure DevOps. I understand everything I need to do, with the exception of figuring out why I can't get my app to authenticate with a client id and client secret.

The documentation for this scenario (authenticating an app through the REST Api) is lacking, if not completely wrong. I want to use the client id and client secret, but the documentation does not provide any good examples on this. All the other examples are simple variations on user impersonation authorization schemes.

Having attempted to do this with normal bearer tokens have yielded interesting results:

1. Either I get the HTTP 302 and subsequent HTTP 203 headers and the HTML code for the login form as the response content from the REST Api, or I get an exception thrown telling me the tenantId cannot be found.
2. If I look at the Azure AD app settings, I can assign delegated permissions to the app, but not the application permissions (which I need for this particular case).

Can anyone provide me with a proper example on how to set this up correctly in Azure AD, and give me some example code I can study? Please take a note of the fact that I am not looking to interactively log in as a user.