macsoluk
So, a little excessive on the API Permissions but that's fine as all the ones we need are enabled and the Admin has granted consent. The Redirect URI should be of type Web and should match what is in osTicket email config Redirect URI field (which appears to be). The Client ID is the Application (client) ID from the Overview tab. The Client Secret is the Value for the Secret you created. Lastly, the Endpoints should be the first two URIs in the Endpoints blade that appears when clicking the Endpoints button at the top of the Overview tab.
All the rest of the osTicket email config stays default (Resource Details Endpoint, Scopes, and Email Address Attribute); which looks like it is from your screenshot. Once you fill all that out correctly, you need to submit the popup, login as the email you are trying to configure in the helpdesk, and click Accept on the consent screen. After this you should be redirected to osTicket with a success banner. Once you see the success banner click the Config button again and you should see a new tab called Token with the relevant Token information.
Cheers.