OIDC login for User Provisioning

The scenario that I have is that I want to provision a user from a server based program.
I would expect to use the client credentials flow ( as its trusted), howerer the documentation suggests:

" Create New Application page, select any app type and then click Next . We suggest creating a web, single-page, or native app for an easy way to test scope-based access to Okta’s APIs using an OAuth 2.0 bearer token." and assigning a user.

There is no user its the server, Oauth Service looks the more obvious choice and assign the scope: okta.users.manage , okta.users.read

Would be nice to be able to mint tokens in the console as I cant get the postman interceptor working in my locked down environment.

@mcrobbj_choices You can use Service apps to mint tokens to access Okta APIs. See the following guide: Implement OAuth for Okta with a Service App