thephpleague / oauth2-client

Easy integration with OAuth 2.0 service providers.
http://oauth2-client.thephpleague.com
MIT License

`AbstractProvider::getAccessToken` must send default scopes #1029

Open liayn opened 2 months ago

liayn commented 2 months ago

Using password grant to retrieve an access token, some (all?) providers require a scope to be sent along. Examples are: Microsoft EntraID, WSO2

Documentation: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth-ropc#authorization-request

`\League\OAuth2\Client\Provider\AbstractProvider::getAccessToken` should therefore be adjusted to:

  1. Allow passing an array of scopes as an option
  2. Fall back to the default scopes of the provider if none are provided in step 1

Keep in mind that it is impossible to make a workaround for this issue. That is due to the fact that it is not possible to retrieve the scope separator or default scopes from outside a provider (methods are protected in interface!).
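The two-step scope fallback requested above, written as an added example that is not part of the issue or of the library's code. It assumes league/oauth2-client is installed with Composer; the subclass name `PasswordGrantScopeProvider`, its `resolveScope` helper and all endpoints, client id and scope values are hypothetical.

```php
<?php
// Added example; not code from thephpleague/oauth2-client.
// Assumes the package is installed with Composer.
require __DIR__ . '/vendor/autoload.php';

use League\OAuth2\Client\Provider\GenericProvider;

// Hypothetical subclass name. Inside a subclass the provider's
// getDefaultScopes() and getScopeSeparator() are reachable.
class PasswordGrantScopeProvider extends GenericProvider
{
    public function getAccessToken($grant, array $options = [])
    {
        // Only the password grant is changed; other grants pass through.
        if ((string) $grant === 'password') {
            $scope = $this->resolveScope($options['scope'] ?? []);
            if ($scope !== '') {
                $options['scope'] = $scope;
            } else {
                unset($options['scope']); // nothing configured, send no scope
            }
        }
        return parent::getAccessToken($grant, $options);
    }

    // Step 1: scopes passed by the caller win. Step 2: otherwise defaults.
    public function resolveScope($requested): string
    {
        $scopes = empty($requested) ? $this->getDefaultScopes() : $requested;
        if (is_array($scopes)) {
            $scopes = implode($this->getScopeSeparator(), $scopes);
        }
        return trim((string) $scopes);
    }
}

// Constructed configuration: endpoints, client id and scopes are placeholders.
$provider = new PasswordGrantScopeProvider([
    'clientId'                => 'example-client-id',
    'urlAuthorize'            => 'https://idp.example.com/authorize',
    'urlAccessToken'          => 'https://idp.example.com/token',
    'urlResourceOwnerDetails' => 'https://idp.example.com/userinfo',
    'scopes'                  => ['openid', 'profile'],
    'scopeSeparator'          => ' ',
]);

echo $provider->resolveScope([]), PHP_EOL;             // falls back to provider defaults
echo $provider->resolveScope(['user.read']), PHP_EOL;  // caller-supplied scopes are kept
```

A call such as `$provider->getAccessToken('password', ['username' => $user, 'password' => $pass])` then carries the resolved `scope` parameter in the token request. Passing an explicit, narrower `scope` option keeps the issued token from picking up the full default set.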