When I try to get the security token I am getting the “Direct login to WLID is not allowed for this federated namespace” error from my corporate SharePoint Online Tenant but I am able to get the security token from my MSDN Development Tenant.
Not sure if we need to enable anything on the Azure side. Basically I am trying to do a POC to explain how SharePoint REST APIs can be opened to integrate with other technologies we use internally like JAVA, Informatica, Salesforce, etc.
I'd ensure first that the Azure AD Web application has the needed permissions. Usually that is the way we register our applications; however, if we want to target only specific site collections, we use the specified site collection appinv.aspx page.
Also, if you are testing this in the browser, I'd ensure that I was logged in a private session to ensure that my dev tenant login does not interfere with my prod tenant login.