Thanks for this. I hadn't realized there was a specific bit about assigning the "SCIM Integration" role to myself, so I could grant it to a net-new OAuth Client for sCIM, which would in turn bypass that 48 hour limit. Like Edgar noted, you can't "fix" an existing OAuth client this way, only create a new one.
I think this should be specifically called out in the SCIM implementation doc, as that doc just links to the OAuth client creation doc with no specific indicator on doing so for SCIM.