AAD Manifest parameters #35

Open
@TS-MSFT

Description

Specifically "signInAudience" (aka: Supported account type) seems to matter for the AAD application being used for authentication.
"PersonalMicrosoftAccount" seems to give issues and does not let the AAD app be used for package uploader.
If we change "signInAudience" to be "AzureADMyOrg" things will probably work, but are there other manifest attributes that will need to change as well in order to support this and not cause any problems?

We noticed that in the manifest, an app with "signInAudience":"PersonalMicrosoftAccount" has "accessTokenAcceptedVersion": 2, but this restriction isn't there for an app with "signInAudience":"AzureADMyOrg" (null value for that key). From reading various available documentation like these:
[https://learn.microsoft.com/en-us/azure/active-directory/develop/supported-accounts-validation]

[https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#token-formats]

...it seems that the supported account type changes features available and Azure AD apps use version 1.0 tokens if I'm not mistaken. So part of what we're wondering is if this is why the client secret token is accepted for "signInAudience":"AzureADMyOrg" but rejected for "signInAudience":"PersonalMicrosoftAccount".
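
An added example, not part of the original issue or the project's code: a check of the two manifest keys discussed above, plus a decoder for the `ver` and `iss` claims of an access token, to confirm which token format is actually in play. It assumes the documented manifest rule that a null `accessTokenAcceptedVersion` means v1.0 and that personal-account audiences require 2; the function names, sample manifests and sample token are constructed for illustration.

```python
import base64
import json

# Documented manifest rule (assumption stated in the lead-in): these audiences
# must set accessTokenAcceptedVersion to 2; null/absent means v1.0 tokens.
REQUIRES_V2 = {"AzureADandPersonalMicrosoftAccount", "PersonalMicrosoftAccount"}


def effective_token_version(manifest):
    """Token version issued for this app as a resource; null counts as 1."""
    value = manifest.get("accessTokenAcceptedVersion")
    return 1 if value is None else int(value)


def audit_manifest(manifest):
    """Return findings for the signInAudience / accessTokenAcceptedVersion pair."""
    findings = []
    audience = manifest.get("signInAudience")
    version = effective_token_version(manifest)
    if version not in (1, 2):
        findings.append(f"accessTokenAcceptedVersion {version} is not 1, 2 or null")
    if audience in REQUIRES_V2 and version != 2:
        findings.append(f"{audience} requires accessTokenAcceptedVersion 2, found {version}")
    return findings


def token_version_claims(jwt):
    """Decode (without verifying) a JWT payload and return its ver and iss claims."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return {"ver": claims.get("ver"), "iss": claims.get("iss")}


def make_sample_jwt(claims):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed manifests mirroring the two configurations in the issue.
    for m in ({"signInAudience": "PersonalMicrosoftAccount", "accessTokenAcceptedVersion": 2},
              {"signInAudience": "AzureADMyOrg", "accessTokenAcceptedVersion": None}):
        print(m["signInAudience"], "-> v%d" % effective_token_version(m), audit_manifest(m))
    token = make_sample_jwt({"ver": "2.0", "iss": "https://login.microsoftonline.com/TENANT-PLACEHOLDER/v2.0"})
    print(token_version_claims(token))
```

The decoder only reads claims for diagnosis; it does not validate the signature and must not be used to accept tokens.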
