Token exchange request warning when SMART scopes are not combined (Test 1.4.06) #538

Open
Justin-Ramm opened this issue Aug 1, 2024 · 1 comment

@Justin-Ramm

Inferno currently gives a warning if SMART v2.0.0 scopes are returned separately instead of in a combined single scope string. For example, if the token endpoint returns a scope string that includes `patient/AllergyIntolerance.r patient/AllergyIntolerance.s`, Inferno will have a warning that says:

> Token exchange response did not include all requested scopes. These may have been denied by user: patient/AllergyIntolerance.rs

The SMART spec does "recommend" combining scopes into the shortest string possible, but does not make it a strict requirement (in the Scope Equivalence section).

While this is only a warning, I am curious if Inferno should accept separate scope strings as valid without a warning. Perhaps the warning makes sense, but wanted to raise the issue in case this wasn't intended.

@Justin-Ramm

The following is a full list of tests where I have observed this warning due to the issue noted above, when using (g)(10) test kit options US Core 6.1.0 / USCDI v3, SMART App Launch 2.0.0, Bulk Data 1.0.1:

| Test section | Affected test steps |
| --- | --- |
| 1 Standalone Patient App | 1.4.06 |
| 3 EHR Practitioner App | 3.4.08 |
| 9.2 Public Client Launch | 9.2.06 |
| 9.9 EHR Launch with Patient Scopes | 9.9.08 |
| 9.11 Token Introspection | 9.11.1.2.06 |
| 9.12 Asymmetric Client Launch | 9.12.2.06 |
| 9.13 Launch with v1 Scopes | 9.13.2.06 |
| 9.14 SMART Launch with Fine-Grained Scopes | 9.14.1.1.2.06, 9.14.2.1.2.06 |
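
A sketch of the comparison discussed in this issue, as an added example that is not part of the original issue or Inferno's own code: it expands requested and granted SMART v2 scopes into single-permission grants before comparing them, so `.r` plus `.s` counts the same as `.rs`. The function names are hypothetical, and treating a query-parameter suffix as an exact-match part of the scope is a simplifying assumption.

```ruby
require 'set'

# SMART v2 permission letters, in the order the spec writes them.
PERMISSION_ORDER = %w[c r u d s].freeze
# <context>/<resource>.<permissions>[?query]; v1 scopes (.read, .write, .*)
# do not match and are compared as opaque strings.
RESOURCE_SCOPE = %r{\A(patient|user|system)/([A-Za-z]+|\*)\.([cruds]+)(\?.*)?\z}

# Expand a space-separated scope string into a Set of atomic grants.
# "patient/X.rs" becomes ["patient/X", "r", ""] and ["patient/X", "s", ""].
# Non-resource scopes (openid, launch/patient, ...) are kept whole.
def expand_scopes(scope_string)
  scope_string.split.each_with_object(Set.new) do |scope, grants|
    match = RESOURCE_SCOPE.match(scope)
    if match
      context, resource, perms, query = match.captures
      perms.each_char { |p| grants << ["#{context}/#{resource}", p, query.to_s] }
    else
      grants << [scope, nil, '']
    end
  end
end

# Factor atomic grants back into the shortest equivalent scope strings.
def factor_scopes(grants)
  grouped = grants.group_by { |target, perm, query| [target, query, perm.nil?] }
  grouped.map do |(target, query, opaque), group|
    next target if opaque

    perms = PERMISSION_ORDER & group.map { |_, perm, _| perm }
    "#{target}.#{perms.join}#{query}"
  end
end

# Requested scopes not covered by the granted scopes, in factored form.
def missing_scopes(requested, granted)
  factor_scopes(expand_scopes(requested) - expand_scopes(granted))
end

# Constructed sample: the server returns AllergyIntolerance.rs split in two
# and genuinely withholds search on Patient.
if __FILE__ == $PROGRAM_NAME
  requested = 'launch/patient openid patient/AllergyIntolerance.rs patient/Patient.rs'
  granted   = 'launch/patient openid patient/AllergyIntolerance.r ' \
              'patient/AllergyIntolerance.s patient/Patient.r'
  puts "Missing: #{missing_scopes(requested, granted).inspect}"
end
```

With this comparison only `patient/Patient.s` is reported as missing; the split AllergyIntolerance scopes no longer trigger the warning.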
