After obtaining a jwt, I was fighting authorization issues. My token looked correct, matching the format of the screenshots above, but eventually I found additional guidance from MS at:

https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/data-entities/troubleshoot-service-authentication

which indicated the "aud" value must have a trailing slash.

Once I corrected that omission, everything worked!

Hope this helps someone else.