I might be having a related issue: No scopes are returned after POST /oauth2/token
Except I cannot access any scopes, even ones requested initially. Again, it works with the implicit flow.
EDIT:
I have a repro case:
- Create an application.
- Use the code flow to request auth with no scopes.
- Request auth with different scopes e.g.
user_read. - No scopes are returned with the OAuth key.
- Delete the app from your Connections: https://www.twitch.tv/settings/connections
- Request auth with
user_readscope. - OAuth key has correct scopes.
It seems that the scopes get “frozen” after auth is requested once, and the user has to delete the app connection to request more scopes.