mutt_oauth2.py.README : instructions do not work for Azure tenant

The README has the following instructions for generating a client_id and client_secret on Office365.

-- How to create a Microsoft registration --

Go to portal.azure.com, log in with a Microsoft account (get a free
one at outlook.com), then search for "app registration", and add a
new registration. On the initial form that appears, put a name like
"Mutt", allow any type of account, and put "http://localhost/" as
the redirect URI, then more carefully go through each
screen:

Branding
 - Leave fields blank or put in reasonable values
 - For official registration, verify your choice of publisher domain
Authentication:
 - Platform "Mobile and desktop"
 - Redirect URI "http://localhost/"
 - Any kind of account
 - Enable public client (allow device code flow)
API permissions:
 - Microsoft Graph, Delegated, "offline_access"
 - Microsoft Graph, Delegated, "IMAP.AccessAsUser.All"
 - Microsoft Graph, Delegated, "POP.AccessAsUser.All"
 - Microsoft Graph, Delegated, "SMTP.Send"
 - Microsoft Graph, Delegated, "User.Read"
Overview:
 - Take note of the Application ID (a.k.a. Client ID), you'll need it shortly

End users who aren't able to get to the app registration screen within
portal.azure.com for their work/school account can temporarily use an
incognito browser window to create a free outlook.com account and use that
to create the app registration.

Edit the client_id (and client_secret if there is one) into the
mutt_oauth2.py script.

I think the following instruction is incorrect, at least for Azure tenants:

Authentication:
 - Platform "Mobile and desktop"

I used the Thunderbird client_secret and client_id to successfully connect to an Office365 account at my organization. Then I was given access to the App Registration component of the portal. When I tried to set up an app registration for my own client_id and client_secret using the instructions, I got the following error:

AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented.

It turns out that there are different kinds of classifications for the different platforms offered in app registration. The "Mobile and desktop" platform is considered a public platform, and cannot transfer confidential information like client_secrets. The "Web" platform is considered confidential. Documentation about that is here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-client-applications . Switching to the "Web" platform fixed this.

In the Web platform there is an entry for "Front-channel logout URL", which I left blank. There were two other checkboxes, both of which I checked: for "Implicit Grant and Hybrid Flows" I selected both "Access Tokens" and "ID Tokens". I am not sure whether they are both necessary.

I do not know whether the given instructions are wrong for everybody or just me. In particular I did not try to set up an outlook.com account with Mutt.

Also: it is my belief that Thunderbird also sets up its App Registration this way (using confidential rather than public apps), and it is causing problems for them. See https://bugzilla.mozilla.org/show_bug.cgi?id=1685414

Edited by Paul Nijjar
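
The public/confidential mismatch described in this report, as an added example (not code from mutt_oauth2.py or the Mutt project): the token request carries `client_secret` only when one is configured, and an error body is mapped back to the registration mismatch. The function names and the sample response body are constructed for illustration.

```python
import json
import re
import urllib.parse

AADSTS_RE = re.compile(r"\bAADSTS(\d+)\b")

# Constructed sample of a token-endpoint error body (not captured output);
# only the AADSTS700025 message text is taken from the report above.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_client",
    "error_description": "AADSTS700025: Client is public so neither "
                         "'client_assertion' nor 'client_secret' should be presented.",
})


def build_token_form(client_id, code, redirect_uri, client_secret=""):
    """Form body for an authorization-code exchange (hypothetical helper).

    A public client (platform "Mobile and desktop") must send no secret;
    a confidential client (platform "Web") authenticates with one.
    """
    form = {
        "client_id": client_id,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }
    if client_secret:  # omit the field entirely for public clients
        form["client_secret"] = client_secret
    return urllib.parse.urlencode(form)


def diagnose(response_body, sent_secret):
    """Map a token-endpoint response to a configuration diagnosis (hypothetical helper)."""
    try:
        data = json.loads(response_body)
    except ValueError:
        return "unparseable response"
    if not isinstance(data, dict):
        return "unparseable response"
    if "access_token" in data:
        return "ok"
    match = AADSTS_RE.search(str(data.get("error_description", "")))
    code = match.group(1) if match else None
    if code == "700025" and sent_secret:
        return ("public client registration but a client_secret was sent: "
                "leave client_secret empty, or register under the Web platform")
    return "unhandled error: %s (AADSTS%s)" % (data.get("error"), code)


if __name__ == "__main__":
    print(build_token_form("CLIENT_ID_PLACEHOLDER", "CODE", "http://localhost/"))
    print(diagnose(SAMPLE_ERROR, sent_secret=True))
```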