I’ve created a version that calls the api asUser() instead of asApp() this is called directly from a button on a page. The error now becomes:
INFO 2023-04-02T13:05:47.461Z 9ed4dcfe-8c3d-47da-9124-141a2227cf29 Repair Response: 401 Unauthorized
INFO 2023-04-02T13:05:47.462Z 9ed4dcfe-8c3d-47da-9124-141a2227cf29 { code: 401, message: 'Unauthorized; scope does not match' }