I just read the following, regarding a problem that we have in SharePoint Server 2019, with an application that we can not trust if it requires tenant administrator permissions (even if the account we use has all administrator rights)
It will not be possible to register the application principle for a tenant's total control application, since you need to have an application that goes through the approval process of the tenant administrator.
The problem is that even if you are a tenant administrator, the trust button will always be disabled.
The solution is to create a shared point snap-in .app file and upload it to your application catalog, then the approval process will start and then you can use your client and its secret in its proper scenario.
My question is: is it an error or is it by design?