This isn't possible due to the Application Permissions: 0 setting for the Service Management API. The client_credentials grant type uses credentials from the application (client_id and client_secret), and since the application does not have permissions for this API the call fails.

Since the Service Management API will not allow application permissions of any kind, we must use the authorization_code grant type or some other method to obtain a user token.