Can't use a SPN in a PowerBi dashboard to access SharePoint lists

Hoping you can help with an ongoing issue I have.  I have a PowerBi dashboard I built using regular account to fetch some SharePoint lists and uploaded it to PowerBi for others to view 

Now in PowerBi portal I want to change the credential from my account to an SPN.  I've read what feels like a thousand articles describing the process to create the SPN 99% all the same.

Yet when I go into Powerbi portal, edit the semantic model for the dashboard, click edit credentials, select Service Principal put in the tenant ID the Service principal ID (yes using the app id, in fact I tried everything) the service principal key (the secret) and choose any privacy level it fails 100% of the time.  

Error is: Failed to update data source credentials: The credentials provided for the SharePoint source are invalid.

Same error regardless of what privacy level I choose.  I'm sure the secret is correct also.

Just for fun I tried the Secret ID and the Object ID in place of the Application ID for the Service principal ID field.  All failed same error.  I'm sure the secret is correct also.

The SPN has Graph sites.read.all, Graph user.read and SharePoint Sites.Read.All api permissions configured. All are consented.

Everything seems right but gives me the error failed to retrieve oauth token 100% of the time.  Am i missing something else?  More API permissions maybe? Do i still need ot actually add the SPN to the Sharepoint site itself even though I has API permissions SharePoint Sites.Read.All?

I've done days of research and all I find is lots of people with same or similar issue but not resolution.  Is this a bug?

Help me I'm desperate to get this fixed or I'm going to have to allow people to bypass MFA across my organization which I cant have.