Recommended approach for integration tests

We have a set of REST endpoints that are all protected by Spring Security and require a token. We have a SPA that uses PKCE to get a token and invoke those endpoints. It all works great.

Now we have a set of integration tests built in Java to invoke those REST endpoints as part of our CI/CD pipeline. What is the recommended approach to get a token to invoke those endpoints?

At this point we have created a separate application dedicated to the integration tests and enabled Use Client Authentication on that app. Then the Java tests can get a token with a username and password using client credentials to simulate different types of users.

This functions well, but I was curious whether that is the recommended approach for simulating different user groups for a given API.

What is the right approach to get a token with specific user groups for this type of testing?
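
The setup described in the post, sketched as an added example that is not part of the original post: a Java test helper that authenticates the dedicated test application and exchanges one test user's username and password for a token, cached per user group. It assumes the authorization server accepts the standard OAuth 2.0 resource owner password grant (RFC 6749, section 4.3) with HTTP Basic client authentication; the class name `TestTokens` and the `IT_*` environment variable names are hypothetical, and the values are meant to come from the CI secret store.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.*;

// Hypothetical helper (added example): one cached token per test user, and so per user group.
public final class TestTokens {
    private static final Pattern ACCESS_TOKEN = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");
    private static final HttpClient HTTP = HttpClient.newHttpClient();
    private static final Map<String, String> CACHE = new ConcurrentHashMap<>();

    // Assumed env var names; populate them from CI secrets, never from source control.
    private static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.isBlank()) throw new IllegalStateException("missing env var " + name);
        return v;
    }

    // tokenFor("ADMIN") reads IT_USER_ADMIN / IT_PASS_ADMIN and returns that user's bearer token.
    public static String tokenFor(String role) {
        return CACHE.computeIfAbsent(role, r -> fetch(env("IT_USER_" + r), env("IT_PASS_" + r)));
    }

    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    private static String fetch(String user, String pass) {
        // Client authentication: form-encoded id and secret in an HTTP Basic header.
        String basic = Base64.getEncoder().encodeToString(
            (enc(env("IT_CLIENT_ID")) + ":" + enc(env("IT_CLIENT_SECRET"))).getBytes(StandardCharsets.UTF_8));
        String form = "grant_type=password&username=" + enc(user) + "&password=" + enc(pass);
        HttpRequest req = HttpRequest.newBuilder(URI.create(env("IT_TOKEN_URL")))
            .header("Authorization", "Basic " + basic)
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(form)).build();
        try {
            HttpResponse<String> res = HTTP.send(req, HttpResponse.BodyHandlers.ofString());
            Matcher m = ACCESS_TOKEN.matcher(res.body());
            if (res.statusCode() != 200 || !m.find())  // the body is not logged: it may hold a token
                throw new IllegalStateException("token request failed: HTTP " + res.statusCode());
            return m.group(1);
        } catch (java.io.IOException | InterruptedException e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            throw new IllegalStateException("token request failed", e);
        }
    }
}
```

A test would send the result as `Authorization: Bearer <token>` on each request to the protected endpoints, calling `tokenFor` with a different role name for each user group it needs to exercise.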