OAuth 2.0 for JSM – Service Account Integration

Hi all
I need help with Jira Service Management Cloud API and OAuth 2.0 using a service account.

What I want to do:

• Use a service account with OAuth 2.0 (not API token) for full integration with JSM API.
• Be able to GET /servicedeskapi/request to fetch customer requests, not just create them.

What I’ve done so far:

• Created a service account and selected OAuth 2.0 as the authentication type.
• Obtained an access token via Client Credentials flow.
• The token includes many granular JSM scopes (e.g., read:request:jira-service-management, write:request:jira-service-management, read:jira-work).
• With this token:
  • Works: /servicedeskapi/servicedesk (returns service desks).
  • Fails: /servicedeskapi/request (returns 401 or empty).

Questions:

1. Has anyone successfully fetched requests using service account OAuth?
2. Do Jira classic scopes fully cover JSM endpoints, or do we need something else?
3. Is this a known limitation, and should we switch to API token + Basic Auth or use Authorization Code flow (3LO)?