I get an access token and a refresh token just fine. I know the access token is valid since trying to get a new access token using the refresh results in "Access token still has not expired". The scope shows as "tinm". Anyone has a clue why I keep getting unauthorized?
Tried various formats, changing audience, validating token
The consent approval needs to happen on the organization for TIN matching , not API eServices and use the user ID generated there.