Refreshed access_token is missing scope with league/oauth2-server ^9

I see that another issue was opened about supporting version 9, but it is not a bug report, so I opened this to specifically address the critical issue.

I forgot to attach the second screenshot, which shows how the same requests work properly on a site with version 8. Attaching it now...

I tested the change in ✨ Make compatible with league/oauth2-server 9 Active (casting $uid to a string) and it does not fix this issue.

Ah ha! There is an open bug report in the Simple OAuth issue queue that is similar to this one, and the change that they propose fixes this!

🐛 Return invalid_scope error when refresh token second time. Needs work

So this may actually be a simple_oauth issue...

Thank you for pointing this out. As you already guessed, the problem is upstream in the simple_oauth module and has just been fixed.

General compatibility with the new oauth2-server is available since v2.1.0 of this module.
By also updating to the latest version of simple_oauth the scopes should be properly set on refreshed access tokens.

Automatically closed - issue fixed for 2 weeks with no activity.