thanks for all your response
I found out the reason by tracking the response request with fiddler.
=AADSTS650052%3A+The+app+needs+access+to+a+service+%28%5C%22http%3A%2F%2Frts.powerapps.com%5C%22%29+that+your+organization+has+not+subscribed+to+or+enabled.
So i removed the PowerApps permission from the AD App / API Permission, it worked.
this AD App was created by Function App / Authentication automatically, don't know why add this permission.
Other Permissions are
MS Graph - User.Read
Azure Service Management - user_impersonation