Before continuing, I have a few troubleshooting steps to make sure that you have configured everything correctly on your Auth0 Dashboard.
First, could you please check that your api-m2m API has configured a list of permissions (scopes)?
You can check by going to the Dashboard > Applications > API > api-m2m > Permissions.
Then, could you please check if you have authorized and assigned those permissions to your application?
You can check on the Machine-to-Machine Applications tab in your API settings and click on the drop-down arrow of an authorized application to assign permissions. Please don’t forget to save your changes.
After that is complete, you can make the same request again, and you should have the defined permissions in the access token.
With that said, I’d like to clarify that you do not need to specify the scope parameter in the request when using a client_credentials grant. The permissions are already assigned to the client. Therefore, the access token will contain those permissions.