Got an error when using IdpTokenAuthPlugin + AWS Identity Center to access Redshift

When I followed this document https://docs.amazonaws.cn/en_us/redshift/latest/mgmt/jdbc20-configuration-options.html#jdbc20-plugin_name-option to connect to Redshift with IdpTokenAuthPlugin, I got an error: “Invalid scope. User's credentials are not authorized to connect to Redshift.” I have already assigned the IDC user/group to the Redshift Identity Center managed application, and I can successfully connect with Redshift query editor v2, but it failed with a JDBC client or Python script when using IdpTokenAuthPlugin. My test steps were:

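  1. Call the create_token() API to get the access token:

     ```python
     import boto3

     # create_token() is an IAM Identity Center OIDC (sso-oidc) API
     client = boto3.client('sso-oidc')

     # Exchange the refresh token for an access token
     response = client.create_token(
         clientId='$$$',
         clientSecret='$$$',
         grantType='refresh_token',
         refreshToken='$$$',
         scope=[
             'sso:account:access'
         ]
     )
     access_tk = response['accessToken']
     ```

     In this step I could successfully get the access token.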

  2. Then connect to Redshift with IdpTokenAuthPlugin + access token:

     ```python
     import redshift_connector

     # Pass the Identity Center access token from step 1 to the plugin
     conn = redshift_connector.connect(
         host='$$$.redshift-serverless.amazonaws.com',
         database='dev',
         serverless_acct_id='$$$',
         serverless_work_group='$$$',
         region='$$$',
         identity_namespace='AWSIDC',
         credentials_provider='IdpTokenAuthPlugin',
         token=access_tk,
         token_type='ACCESS_TOKEN',
         db_user='$$$'
     )
     ```

     This step gets the above error.

I wonder if anyone knows the problem? Thank you!

No Answers
