Invoke-PnPSiteScript throwing Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException error

[chrismcfarling]

Invoke-PnPSiteScript -Identity ec03e1a0-5777-43d9-b720-fc4dafd1c0e3 -WebUrl https://mytenant-admin.sharepoint.com

is returning the following error

Invoke-PnPSiteScript: Unauthorized (401): {"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}

Initially I was connecting with
Connect-PnPOnline -Url "https://mytenant-admin.sharepoint.com" -DeviceLogin -Tenant mytenant.onmicrosoft.com -ClientId 1672a9ca-bab9-485b-8b06-dd6a648a0da1

and then set up a certificate and tried

Connect-PnPOnline -Url "https://mytenant-admin.sharepoint.com" -ClientId 1672a9ca-bab9-485b-8b06-dd6a648a0da1 -Tenant mytenant.onmicrosoft.com -Thumbprint ad8af3c6b86adc90d344d85989c309650146ce92

but getting the same result. I've added all seemingly relevant API permissions

Graph
Sites.FullControll.All (Application)
Sites.Manage.All (Application)
Sites.ReadWrite.All (Application)

SharePoint
Sites.FullControll.All (Application)
Sites.Manage.All (Application)
Sites.ReadWrite.All (Application)
SitesMetaDataAdmin.ReadWrite.All (Application)
AllSites.FullControll (Delegated)
AllSites.Read (Delegated)

The aud claim in the auth token is set to https://graph.microsoft.com. Is that correct, or should it be something else like https://mytenant-admin.sharepoint.com? Some online resources are saying that it should not be set to https://graph.microsoft.com, but I'm not so certain that the AI tools always know what they're talking about.

Any suggestions to resolve this?

[JDziurlaj]

Did you find a solution to this? We're using PnP.PowerShell 3.1.0