For App Access Tokens from the Client Credentials flow the scope does nothing as it doesn’t represent a user.
For User Access Tokens scopes do work, but if you use the analytics:read:games scope and go through the OAuth process, that just grants you access to games which you are the developer of. You can’t grant yourself permission to access stuff you have no right accessing. So for game analytics you need the game developers to go through your login process, to access things like channel subscribers you need that specific broadcaster to go through your login process, etc…