<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" /> <AppPermissionRequest Scope="http://sharepoint/taxonomy" Right="Write" /> </AppPermissionRequests>
**If you get 401 - Forbidden You may need to run this code and wait 60 minutes. Set-SPOTenant -DisableCustomAppAuthentication $false or Set-PnPTenant -DisableCustomAppAuthentication $false
401 - Forbidden
Set-SPOTenant -DisableCustomAppAuthentication $false
Set-PnPTenant -DisableCustomAppAuthentication $false