The reason you're getting this error is because you're utilizing the client credential flow, which only gets application permissions because it's on behalf of the service principal. In order to get an access token with the delegated permission, you'll need to utilize a different flow. For more information on how to do this, take a look at the PowerShell and ADAL/MSAL libraries: https://github.com/shawntabrizi/Azure-AD-Authentication-with-PowerShell-and-ADAL
And for more information on the different kinds of permissions, take a look at: https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-permissions-and-consent
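
Added example, not part of the original answer: a PowerShell check that decodes an access token's payload and reports whether it carries application permissions (`roles` claim, as issued to a client credentials request) or delegated permissions (`scp` claim). The function names and the sample tokens are constructed for illustration, and the token signature is not validated.

```powershell
# Decode the payload (second segment) of a JWT. Inspection only: no signature check.
function Get-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected 3 dot-separated segments.' }
    # base64url -> base64, then restore the padding that JWTs strip
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length in token payload.' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

# Classify the token by which permission claim it carries.
function Get-TokenPermissionType {
    param([Parameter(Mandatory)][string]$Token)
    $claims = Get-JwtPayload -Token $Token
    $names  = @($claims.PSObject.Properties.Name)
    if ($names -contains 'scp') {
        # Delegated: space-separated scopes granted on behalf of a signed-in user
        [pscustomobject]@{ Type = 'Delegated'; Permissions = @($claims.scp -split ' ') }
    } elseif ($names -contains 'roles') {
        # Application: app roles granted to the service principal itself
        [pscustomobject]@{ Type = 'Application'; Permissions = @($claims.roles) }
    } else {
        [pscustomobject]@{ Type = 'None'; Permissions = @() }
    }
}

# --- Constructed sample tokens (unsigned, for offline demonstration only) ---
function ConvertTo-Base64Url {
    param([string]$Text)
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
function New-SampleToken {
    param([hashtable]$Claims)
    $header = ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'
    $body   = ConvertTo-Base64Url ($Claims | ConvertTo-Json -Compress)
    "$header.$body.constructed-signature"
}

$appOnly   = New-SampleToken @{ appid = '00000000-0000-0000-0000-000000000000'; roles = @('User.Read.All') }
$delegated = New-SampleToken @{ upn = 'user@example.com'; scp = 'User.Read Mail.Read' }

Get-TokenPermissionType -Token $appOnly
Get-TokenPermissionType -Token $delegated
```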