Looker Studio's service agent is missing "iam.serviceAccount.getAccessToken"

I have followed the setup steps in official docs.

1. Created a service account (say A) and granted the 'Service Account Token Creator' role to it.
2. Added the Looker Studio service agent (say B) to A's principal list and granted the 'Service Account User' role to it.
 
But when I went back to Looker Studio and used A to connect to a BigQuery table, I still got the "Looker Studio's service agent is missing "iam.serviceAccount.getAccessToken" permission" error.
I would really appreciate it if someone could point out what else I missed.

I am constantly getting the following error when trying to add a service account in looker studio. Looker Studio's service agent is missing "iam.serviceAccount.getAccessToken" permission for this service account. Learn how to fix this


Hey!
Maybe you didn't add to your service account the "Service Account Token Creator" role.
This allows it to create tokens when Looker Studio requests them.

Hey,
I have exactly the same problem.
I created a service account using my owner account, gave it BigQuery User and Job roles, added the service account as a Looker agent, and assigned Token Creator as a principal,
but I still get this error message. Does anyone know what the issue might be?

I've assigned the "Service Account Token Creator" role to my service account. I found this list of service agents: https://cloud.google.com/iam/docs/service-agents. There's one for both Looker and Data Studio. After I identified the service agents, I triggered service agent creation: https://cloud.google.com/iam/docs/create-service-agents#create. I assigned the Data Studio Service Agent role to both of these and I'm still getting the same errors.

Service agents can be project-specific. Make sure you've identified the correct service agent for the project where your Looker Studio and BigQuery resources reside.
While the Service Account Token Creator role allows the service agent to generate access tokens, it might not be enough to access the BigQuery data itself. Ensure that the service account (A) also has the BigQuery Data Viewer role on the relevant dataset or table.
In some cases, the service agent might also need the Project Viewer role on the project to access the BigQuery resources.
If the issue persists, use the IAM Policy Troubleshooter in the Google Cloud Console to diagnose potential access issues related to the service account and the Looker Studio service agent.
Review the Cloud Audit Logs to see if there are any failed access attempts by the Looker Studio service agent. These logs can provide valuable clues about the missing permissions.
Extra considerations:

  • If your organization has implemented any organization-level IAM policies, they might be overriding the project-level permissions. Check with your organization's administrator if this is the case.
  • If you're using custom roles, ensure they include the necessary permissions for the service account and the Looker Studio service agent.

There are two service agents in the documentation here https://cloud.google.com/iam/docs/service-agents: "Data Studio" and "Looker". I don't see one specifically for "Looker Studio". Both the Data Studio and Looker service agents have been granted the Service Account Token Creator role on my service account. I've also made sure the service account has appropriate permissions to view the BQ tables. I am still encountering the same error.

Please use this URL to find your Looker Studio service agent. The format is "service-org-<organizations-id>@gcp-sa-datastudio.iam.gserviceaccount.com"; you can get the same here: https://lookerstudio.google.com/u/0/serviceAgentHelp

Hi,
I am having exactly the same issue.
I created a service account (looker-sa), gave it BigQuery permissions, and also triggered the Data Studio service agent. I gave the service agent the Service Account Token Creator role. Still facing this problem. If there are any updates on this, please help!
Thanks.


Facing the same issue with a service account used to access the data. I get this output from the SA describe (I've removed the sensitive data). All requested roles were applied to this SA and the agent account, but we are still facing the same issue.

bindings:
- members:
  - serviceAccount:service-org-<id>@gcp-sa-datastudio.iam.gserviceaccount.com
  role: roles/iam.serviceAccountTokenCreator
- members:
  - user:user.name@my-domain.com
  role: roles/iam.serviceAccountUser

Thanks.

I was initially trying to assign permissions to the project-level service agent. After using the organization-level service agent in the link provided by @samir-patel (https://lookerstudio.google.com/u/0/serviceAgentHelp) I was able to successfully assign the service account. 

Solution: 

  1. Log in to the Google Cloud Console.
  2. Navigate to the IAM & Admin page
  3. Review the project name to the left of the search field on the main toolbar and make sure this is the project you want to configure for Looker Studio.
  4. From the left navigation, click Service Accounts.
  5. Click the email address of the service account you intend to use for Looker Studio or create a new one. 
  6. Click Permissions.
  7. Click Grant Access.
  8. In the New principals field, enter the service agent shown at this link: https://lookerstudio.google.com/u/0/serviceAgentHelp
  9. Click the Role menu to expose the Filter field.
  10. In the Filter field, enter `Service Account Token Creator` and then select it from the list of roles that appears.
  11. Click Save.
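The thread's three failure modes are all visible in the service account's own IAM policy: the agent is not in the policy at all, the agent was added with Service Account User instead of Service Account Token Creator (the original post's step 2), or the role was granted to the project-level agent instead of the organization-level one. The script below is an added example, not code from this thread or from Google; it checks a policy of the shape posted above (as returned by `gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json`) and prints the `gcloud` binding command that would fix it. The organization-level agent format comes from the thread; the project-level pattern (`service-<project-number>@gcp-sa-datastudio...`) and the sample policies are assumptions constructed for the example.

```python
"""Diagnose why Looker Studio reports a missing getAccessToken permission
on a service account, from the service account's own IAM policy JSON.

Added example (not from the thread). Usage:
    gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json \
        | python3 check_looker_agent.py SA_EMAIL
"""
import json
import re
import sys

# Role that carries the access-token permission Looker Studio asks for.
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
SA_USER = "roles/iam.serviceAccountUser"

# Organization-level Looker Studio service agent, in the format given in the thread.
ORG_AGENT_RE = re.compile(
    r"^serviceAccount:service-org-\d+@gcp-sa-datastudio\.iam\.gserviceaccount\.com$")
# Project-level Data Studio service agent. ASSUMPTION: project-number form of the
# same agent; the thread reports that granting the role to it alone does not work.
PROJECT_AGENT_RE = re.compile(
    r"^serviceAccount:service-\d+@gcp-sa-datastudio\.iam\.gserviceaccount\.com$")


def roles_by_member(policy):
    """Map each member of a service account IAM policy to the roles it holds on it."""
    out = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            out.setdefault(member, set()).add(binding.get("role"))
    return out


def check_policy(policy):
    """Return {"status": ..., "member": ...} describing the agent binding.

    status is one of:
      ok                 org-level agent holds Token Creator on this SA
      wrong_role         org-level agent is present but lacks Token Creator
      project_agent_only only a project-level agent is bound (thread's pitfall)
      agent_missing      no Looker Studio / Data Studio agent is bound at all
    """
    roles = roles_by_member(policy)
    org_agents = [m for m in roles if ORG_AGENT_RE.match(m)]
    project_agents = [m for m in roles if PROJECT_AGENT_RE.match(m)]

    for agent in org_agents:
        if TOKEN_CREATOR in roles[agent]:
            return {"status": "ok", "member": agent}
    if org_agents:
        return {"status": "wrong_role", "member": org_agents[0]}
    if project_agents:
        return {"status": "project_agent_only", "member": project_agents[0]}
    return {"status": "agent_missing", "member": None}


def fix_command(sa_email, org_id):
    """gcloud command granting Token Creator on the SA to the org-level agent."""
    agent = "serviceAccount:service-org-%s@gcp-sa-datastudio.iam.gserviceaccount.com" % org_id
    return ("gcloud iam service-accounts add-iam-policy-binding %s "
            "--member=%s --role=%s" % (sa_email, agent, TOKEN_CREATOR))


# Constructed sample policy mirroring the output posted in the thread.
SAMPLE_POLICY = {
    "bindings": [
        {"members": ["serviceAccount:service-org-123456789@gcp-sa-datastudio.iam.gserviceaccount.com"],
         "role": TOKEN_CREATOR},
        {"members": ["user:user.name@my-domain.com"], "role": SA_USER},
    ]
}

if __name__ == "__main__":
    sa_email = sys.argv[1] if len(sys.argv) > 1 else "looker-sa@PROJECT_ID.iam.gserviceaccount.com"
    policy = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_POLICY
    result = check_policy(policy)
    print("status: %s (member: %s)" % (result["status"], result["member"]))
    if result["status"] != "ok":
        print("suggested fix (replace ORG_ID with the id from serviceAgentHelp):")
        print(fix_command(sa_email, "ORG_ID"))
```

The `wrong_role` case is the one the original post describes: the agent is listed as a principal on the service account, but only with Service Account User, which does not include the token-creation permission the error names. The `project_agent_only` case is the one resolved in the accepted answer.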