Hi @Patrick Rote,
Per my test, I got the same result as yours on my end. So I checked the token in https://jwt.ms, and found that Sites.Read.All is not granted for the token.
The /_api/SP.OAuth.Token/Acquire endpoint does not use the app we registered; it should use the default AAD app called Office 365 SharePoint Online, which doesn't have the Sites.Read.All permission.
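The claim check described in the answer above (what jwt.ms shows) can also be done offline. This is an added example, not part of the original answer: the token is constructed, the app ID is a placeholder, the function names are hypothetical, and the code only decodes the payload without verifying the signature.

```javascript
// Decode one base64url JWT segment into an object (Node.js Buffer).
function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Report which client app the token was issued to and whether a permission
// is present. Inspection only: the signature is NOT verified here.
function inspectToken(jwt, requiredPermission) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  const claims = b64urlJson(parts[1]);
  // Delegated permissions arrive as a space-separated string in "scp".
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  // Application permissions arrive as an array in "roles".
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const granted = [...scopes, ...roles];
  const wanted = requiredPermission.toLowerCase();
  return {
    audience: claims.aud,
    // "appid" (v1 tokens) or "azp" (v2 tokens) identifies the client app;
    // compare it with the client ID of the app you registered.
    clientAppId: claims.appid || claims.azp || null,
    granted,
    hasPermission: granted.some((p) => p.toLowerCase() === wanted),
  };
}

// Build a constructed sample token (fake signature) so the example runs offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

// Constructed claims: scopes and app ID are placeholders, not real values.
const sample = makeSampleToken({
  aud: "https://graph.microsoft.com",
  appid: "00000000-0000-0000-0000-000000000000",
  scp: "User.Read Sites.Search.All",
});

console.log(inspectToken(sample, "Sites.Read.All"));
```

If `clientAppId` is not the client ID of your own app registration, the token was issued to a different app, and the permissions granted to your registration do not apply to it.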