The function \League\OAuth2\Server\Grant\AbstractGrant::validateScopes() allows an array of strings as input.
Yet when it retrieves it from the OauthRequest via getQueryStringParameter() it only allows scalar types and thus will fail:
Whereas in older versions returning/setting scopes as an array ["scope1","scope2"] was allowed.
Now the source code is very confusing because on one hand it expects it can be an array, but on the other it doesn't allow an array 🤷.
Side note: only \League\OAuth2\Server\Grant\AuthCodeGrant::respondToAccessTokenRequest() seems to allow scopes as an array; all other references get the scope from the query string and thus would fail.
At least version 8.2.4 still allowed using strings.
Hi @joelharkes - looking at this, I think it is just an oversight of mine where I didn't notice that validateScopes is no longer provided an array in the library. It probably should have been removed. It looks like removing this doesn't affect the code at all but is a breaking change so should probably be left as is for now. Apologies for any confusion caused there.
If there is some wider implication of this change I'm not aware of, like causing a bug or something, please could you let me know and we can look at fixing this. Thank you.
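Added example, not part of the issue thread and not the library's code: a standalone PHP model of the mismatch discussed above, where a scalar-only query getter rejects the array PHP builds from `scope[]=...` even though the normaliser behind it accepts a string or an array. The function names `scalarQueryParam` and `normaliseScopes` and the sample query strings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a scalar-only query-string getter (not the library's code).
function scalarQueryParam(array $query, string $name): ?string
{
    if (!array_key_exists($name, $query)) {
        return null;
    }
    if (!is_string($query[$name])) {
        // PHP parses scope[]=a&scope[]=b into an array; a scalar-only getter refuses it.
        throw new InvalidArgumentException("Parameter '$name' must be a string");
    }
    return $query[$name];
}

// Hypothetical normaliser with the string-or-array contract described in the issue.
function normaliseScopes(string|array|null $scopes): array
{
    if ($scopes === null) {
        return [];
    }
    if (is_string($scopes)) {
        // RFC 6749 section 3.3: scope is a space-delimited list of strings.
        $scopes = explode(' ', trim($scopes));
    }
    foreach ($scopes as $scope) {
        if (!is_string($scope)) {
            throw new InvalidArgumentException('Each scope must be a string');
        }
    }
    // Drop empty entries left by repeated spaces and reindex.
    return array_values(array_filter($scopes, fn ($s) => $s !== ''));
}

// Constructed sample query strings: the RFC form and the PHP array form.
$samples = ['scope=scope1%20scope2', 'scope[]=scope1&scope[]=scope2'];

foreach ($samples as $raw) {
    parse_str($raw, $query);
    try {
        $scopes = normaliseScopes(scalarQueryParam($query, 'scope'));
        echo $raw, ' => ', json_encode($scopes), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $raw, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```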