Permissions not mapping over accestoken registered app

Question

Hi all, I’m running on fumes here, spent an afternoon looking into what I might be doing wrong:

I have a basic powershell script (almost 1-1 from ms docs)

$tenantId = "mytoken"
$ApplicationID = "mytoken"
$clientSecret = "mytoken"



$graphtokenBody = @{   
   Grant_Type    = "client_credentials"   
   Scope         = "https://graph.microsoft.com/.default"   
   Client_Id     = $ApplicationID   
   Client_Secret = $ClientSecret   
}  

$graphToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token" -Method POST -Body $graphtokenBody | Select-Object -ExpandProperty Access_Token 

$teamstokenBody = @{   
   Grant_Type    = "client_credentials"   
   Scope         = "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default"   
   Client_Id     = $ApplicationID   
   Client_Secret = $ClientSecret 
} 

$teamsToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token" -Method POST -Body $teamstokenBody | Select-Object -ExpandProperty Access_Token 

Connect-MicrosoftTeams -AccessTokens @("$graphToken", "$teamsToken")

I've used this link for the code: https://learn.microsoft.com/en-us/powershell/module/teams/connect-microsoftteams?view=teams-ps

this successfully connects; i get the nice reply containing account environment tenant etc.

I can after this also run get-team and it fetches all my teams.

I’m now trying to use the CS scripts simple stuff like ‘Get-CsOnlineUser’ but I immediately get unauthorized reply…

I’ve made the registerred app teams admin givin it waaaay to many permissions in graph but still to no avail…

Is there any known way to check the permissions that I could need to give / log more?

If i run the Get-CsOnlineUser code with my admin user it just works… ------------------------------ if anyone could set me on the road to the correct permissions? or where i can check what's missing?