Invalid code signing for MAS build (version 23.3.3)

• Electron-Builder Version: 23.3.3

• Node Version: 16

• Electron Version: 19.0.10

• Target: MAS

From version 23.3.0 and later, signing MAS build will use 3rd Party Mac Developer Application certificate by default, and this causes invalid build for my app. When upload to the Mac App Store, I see the below error:

Asset validation failed (90284) Invalid Code Signing. The executable 'com.app.name.pkg/Payload/AppName.app/Contents/Library/LoginItems/AppName Login Helper.app/Contents/MacOS/AppName Login Helper' must be signed with the certificate that is contained in the provisioning profile. (ID: c3f46e59-cbb9-4b15-841d-04ffb05cb2b7)

I believe when the certificate doesn’t match the one embedded in provisioning profile, the build will show this error. However, when I set identity in mas key to Apple Distribution, I get the below error:

⨯ Cannot find valid "3rd Party Mac Developer Installer" identity to sign MAS installer, please see https://electron.build/code-signing

I believe this PR https://github.com/electron-userland/electron-builder/pull/6970 is related. When I manually patch macPackager.js to change ["3rd Party Mac Developer Application", "Apple Distribution"] to ["Apple Distribution", "3rd Party Mac Developer Application"], the app can be signed and uploaded to the Mac App Store successfully.

Should we use Apple Distribution by default and move 3rd Party Mac Developer Application to fallback? This should work for issue https://github.com/electron-userland/electron-builder/issues/6621 where Apple Distribution cannot be found so electron-builder will use 3rd Party Mac Developer Application certificate.