Azure: Unable to Generate OAuth2 token for REST API OR policyinsights

I'm trying to collect an OAuth2 token for interacting with Azure REST APIs and I continue to get errors. It seems like a very convoluted process trying to follow the Microsoft documentation. I'd appreciate some help here.

I've tried:

  1. creating an app in Registered Apps
  2. creating a System Assigned servicePrincipal for my Function App and integrating them with Azure AD
  3. creating a User Assigned servicePrincipal and integrating them with Azure AD
  4. requesting a token through a POST to "https://login.microsoftonline.com//oauth2/v2.0/token"
  5. collecting an OAuth2 token from "github.com/Azure/azure-sdk-for-go/sdk/azidentity", but this is intended for use with an SDK and does not provide a straightforward way to collect the actual string version of the token for use in the REST API.
  6. collecting an OAuth2 token from "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy", but this doesn't provide one, and the azcore policy SDK does not have any methods for querying resource policy compliance state.
  7. attempting to use "github.com/Azure/azure-sdk-for-go/services/policyinsights" methods to query resource policy compliance state; however, this fails authentication due to no authorization header, BUT there is no option for providing an authorization header. (It looks like it uses autorest, which itself doesn't have a straightforward method of providing the string version of the token.)

Can anyone please share a straightforward way to collect an OAuth2 token for Azure? I expected that I should be able to create a service account that has credentials generated for it, or use the servicePrincipal's certificates to request a token, but that has failed.

This is the POST request that I used:

    package main

    import (
            "fmt"
            "io"
            "net/http"
            "net/url"
            "strings"
    )

    func main() {
            // Placeholders for the values the post does not show; the real ones come
            // from the app registration (and should be read from config, not source).
            clientID := "<clientID>"
            clientSecret := "<clientSecret>"

            authendpoint := "https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token"
            // Debug output: note that this line writes the client secret to stdout.
            fmt.Printf("building request with\nclientID: %v\nclientSecret: %v\n", clientID, clientSecret)
            // Form body for the v2.0 client-credentials grant ("resource" is the v1 parameter;
            // v2.0 uses "scope" instead).
            body := url.Values(map[string][]string{
                    //"resource":      {"https://graph.microsoft.com"},
                    "client_id":     {clientID},
                    "scope":         {"https://graph.microsoft.com/.default"},
                    "client_secret": {clientSecret},
                    "grant_type":    {"client_credentials"}})

            request, err := http.NewRequest(
                    http.MethodPost,
                    authendpoint,
                    strings.NewReader(body.Encode()))
            if err != nil {
                    fmt.Println("Unable to build new request")
                    panic(err)
            }

            request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
            client := &http.Client{}
            resp, err := client.Do(request)
            if err != nil {
                    fmt.Println("Unable to make request")
                    panic(err)
            }
            defer resp.Body.Close()
            // io.ReadAll replaces the deprecated ioutil.ReadAll.
            respBody, err := io.ReadAll(resp.Body)
            if err != nil {
                    fmt.Println("Unable to read resp.Body")
                    panic(err)
            }
            // Print the status and raw JSON reply (access_token on success, error/error_description otherwise).
            fmt.Println(resp.Status)
            fmt.Println(string(respBody))
    }
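
The exchange the question is attempting (client-credentials grant against the v2.0 token endpoint, then the raw token string in an `Authorization: Bearer` header) written out as an added, standard-library-only Go example; this is not code from the question or from the Azure SDK. It assumes constructed placeholder credentials and a constructed fake token server (`FakeTokenServer`) standing in for login.microsoftonline.com so it runs offline; the `ClientCredentials`, `FetchToken` and `NewBearerRequest` names are this example's own. It also covers two things the posted code does not: it refuses an empty tenant (which is what produces the `.com//oauth2/v2.0/token` URL from attempt 4), and it parses the JSON reply instead of dumping it, so a wrong secret or wrong scope surfaces as a readable `error`/`error_description` rather than a blob. One caveat the example encodes in its scope comment: a token requested for `https://graph.microsoft.com/.default` is not accepted by `management.azure.com`, which is where the Policy Insights REST API lives, so the scope must match the API being called.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"time"
)

// tokenResponse mirrors the JSON the v2.0 token endpoint returns; the error
// fields are populated on a non-2xx reply.
type tokenResponse struct {
	ExpiresIn        int    `json:"expires_in"`
	AccessToken      string `json:"access_token"`
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}

// ClientCredentials is what the grant needs; real values come from a secret store,
// never from source or logs. Scope fixes the audience: a token minted for
// https://graph.microsoft.com/.default is rejected by management.azure.com.
type ClientCredentials struct {
	TenantID, ClientID, ClientSecret, Scope string
}

// FetchToken runs the client-credentials exchange against
// <authority>/<tenant>/oauth2/v2.0/token and returns the raw bearer token string
// and its expiry. The secret travels in the form body only and is never logged.
func FetchToken(ctx context.Context, client *http.Client, authority string, c ClientCredentials) (string, time.Time, error) {
	if c.TenantID == "" { // an empty tenant yields the broken ".com//oauth2" URL
		return "", time.Time{}, fmt.Errorf("tenant id is required")
	}
	endpoint := strings.TrimRight(authority, "/") + "/" + url.PathEscape(c.TenantID) + "/oauth2/v2.0/token"
	form := url.Values{
		"client_id":     {c.ClientID},
		"client_secret": {c.ClientSecret},
		"scope":         {c.Scope},
		"grant_type":    {"client_credentials"},
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, strings.NewReader(form.Encode()))
	if err != nil {
		return "", time.Time{}, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := client.Do(req)
	if err != nil {
		return "", time.Time{}, err
	}
	defer resp.Body.Close()
	var tr tokenResponse // cap the reply size before decoding
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&tr); err != nil {
		return "", time.Time{}, fmt.Errorf("token endpoint returned non-JSON (HTTP %d)", resp.StatusCode)
	}
	if resp.StatusCode != http.StatusOK || tr.AccessToken == "" {
		return "", time.Time{}, fmt.Errorf("token request failed (HTTP %d): %s: %s", resp.StatusCode, tr.Error, tr.ErrorDescription)
	}
	return tr.AccessToken, time.Now().Add(time.Duration(tr.ExpiresIn) * time.Second), nil
}

// NewBearerRequest attaches the token to a REST call, which is all the SDK's
// bearer-token policy does on your behalf.
func NewBearerRequest(ctx context.Context, method, rawURL, token string) (*http.Request, error) {
	req, err := http.NewRequestWithContext(ctx, method, rawURL, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	return req, nil
}

// FakeTokenServer is a constructed stand-in for login.microsoftonline.com so the
// example runs offline; like the real endpoint it checks tenant path, grant and secret.
func FakeTokenServer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		if r.ParseForm() != nil || r.URL.Path != "/contoso-tenant/oauth2/v2.0/token" ||
			r.FormValue("grant_type") != "client_credentials" || r.FormValue("client_secret") != "constructed-secret" {
			w.WriteHeader(http.StatusUnauthorized)
			fmt.Fprint(w, `{"error":"invalid_client","error_description":"constructed: wrong tenant, grant or secret"}`)
			return
		}
		fmt.Fprint(w, `{"token_type":"Bearer","expires_in":3599,"access_token":"eyJ.constructed.token"}`)
	}))
}

func main() {
	srv := FakeTokenServer()
	defer srv.Close()
	creds := ClientCredentials{TenantID: "contoso-tenant", ClientID: "constructed-client-id", ClientSecret: "constructed-secret", Scope: "https://management.azure.com/.default"}
	token, exp, err := FetchToken(context.Background(), srv.Client(), srv.URL, creds)
	if err != nil {
		panic(err)
	}
	req, _ := NewBearerRequest(context.Background(), http.MethodGet, "https://management.azure.com/constructed-resource-path", token)
	fmt.Printf("got bearer token valid until %s; Authorization header set: %v\n", exp.Format(time.RFC3339), req.Header.Get("Authorization") != "")
}
```

Against the real endpoint, pass `http.DefaultClient` and `https://login.microsoftonline.com` as the authority; the returned string is the same value the SDK's `GetToken` hands to its bearer policy, so it can be placed directly in the REST call's `Authorization` header.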



This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
