I believe V2 AUTHZ endpoints issue V1 access tokens if the client's scope items are for an API that is only V1 compliant (e.g. Graph).

But does it mean that, for example,  the token merely has the V1 claim fields and not the V2 ones, or that the V2 endpoint behaves  exactly like a V1 endpoint in that it ignores client scopes and acts as if 'resource' was specified (i.e. selects all the static permissions specified for that client in AAD)