Hi @Admin 6 · Thank you for reaching out.
I can confirm that it works with Client_Credentials flow with Application Permissions Contacts.Read or Contacts.ReadWrite and scope set to https://graph.microsoft.com/.default.
The problem I see in your case is, you have not granted admin consent for Contacts.Read or Contacts.ReadWrite Application permission. Delegated permissions won't work when you acquire token using client_credentials flow as it uses application context.
Please grant admin consent to these permissions and acquire a new token. Decode the new token at https://jwt.ms and make sure the roles claim include Contacts.Read or Contacts.ReadWrite or both permissions as shown below:
Once the token is acquired with above permissions, make below call along with Authorization Header with value bearer <your_access_token>:
https://graph.microsoft.com/v1.0/users/<object_id_or_upn_of_user>/contacts
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.