EventSub only access “app access tokens” as the error said, this is also known as “Client Credentials”
See: How does Twitch’s new EventSub work? – Barry Carlyon
And: Getting Tokens: OAuth | Twitch Developers
EventSub checks “if the scope is granted” another way by checking if it was granted to the ClientID or not regardless of the token itself, since with EventSub the token won’t represent a user (or have scopes)