How do I read SPO files with an azure registered app via synapse?

[Plug-it-Play-it]

Hello community,
I am looking for help in reading SPO files from a specific site with an azure registered app via azure synapse.

1. Does anything special has to be done in the app configuration?
2. The registered app will be used from synapse to connect to SPO to read files.
   2a. Do I need to use a bearer token for/from synapse? Is there a step-by-step guide that I could use? Can one be provided please?
   2b. Do I need to use OAuth 2.0 for/from synapse? Is there a step-by-step guide that I could use? Can one be provided please?
   2c. Do I need to use Graph Explorer to generate / manage that token, or is it safe to use the free Postman?

How do I proceed? Is there any full guideline out there that I could use?
I have been digging the Internet since the last 2 weeks without results.

Is that something that can be done strictly via the different portal: azure, SPO admin?
Or should be it done instead via scripting [SPO Management shell, PnP powershell, MS Graph]?

The registered app is configured with only "Sites.selected" for both
Microsoft Graph > Application permissions.
and
Sharepoint > Application permissions.

I am also using a valid client secret for the azure app.

When testing the app from synapse, connection to SPO failed each time with authentication failure.
I must be missing something related to OAuth 2.0 token / bearer token between synapse and SPO [if that makes sense?] I am not familiar with bearer token.
Could you kindly help me for a 1-2-3 step to follow to implement this setup please?

In anticipation of your assistance, thank you so much