We found that the requests/responses of the V5 and V10 OAuth2 providers are different, for example:
- A request to the V5 /token endpoint does not require the "scope" field, but on V10 this parameter is required
- The V5 /token response body JSON contains a "grant_type" parameter but V10's does not
- The V10 refresh token requires the "scope" field but V5 does not require it
- The V5 refresh token request returns the same body as the one returned by a request to /token
etc.
Our problem is with the Refresh Token (V10) because:
- Consumers do not hold the scope for the refresh token and send the request without the "scope" field.
- The Refresh Token does not receive all scopes that were granted by the resource (when the scope includes additional scopes that were obtained from resource metadata) and the request just fails.
How can we return the same response on V10 as is returned on V5 for our consumers?
How can we return the same scopes that were obtained from the /token request?
Thanks