Custom connections are broken due to league/oauth2-client change (invalid_scope error) #932

Open
hailwood opened this issue Feb 4, 2025 · 1 comment

hailwood commented Feb 4, 2025

The oauth2-client package made a change in 2.8.0 to send across scopes by default.

This means when you attempt to call ->getAccessToken('client_credentials'); it's now asking for the scopes openid email profile due to them being the default scopes set on the Xero provider.

To fix this issue we need to either pass through the actual list of scopes we use ['scope' => 'accounting.transactions accounting.contacts ...'] as the second parameter to the ->getAccessToken call, or override the Provider's getDefaultScopes method to return an empty array.

There is currently an open PR to fix the issue: thephpleague/oauth2-client#1053.
However, I am leaving this here to assist others in debugging, or suggest that this package should pin the version of oauth2-client to 2.7 until this fix is released.

I understand that this issue is probably better suited for calcinai/oauth2-xero, but users are unlikely to actually look there, so I figure having it here will lower your support requests.
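An added example, not part of the issue and not code from either project: it prints the scope that a client_credentials token request actually carries for the default call and for both workarounds described above. It assumes league/oauth2-client's GenericProvider as a stand-in for the Xero provider and a mocked Guzzle handler so nothing leaves the machine; NoDefaultScopesProvider, sentScope and the example.invalid URLs are hypothetical names.

```php
<?php
// Assumes league/oauth2-client and guzzlehttp/guzzle are installed via Composer.
require 'vendor/autoload.php';
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\Middleware;
use GuzzleHttp\Psr7\Response;
use League\OAuth2\Client\Provider\GenericProvider;

// Hypothetical stand-in for the second workaround: no default scopes at all.
class NoDefaultScopesProvider extends GenericProvider
{
    protected function getDefaultScopes()
    {
        return [];
    }
}

// Sends one token request to a mocked endpoint and returns the "scope" form
// field that was put on the wire (null when the field was not sent).
function sentScope(string $providerClass, array $tokenOptions): ?string
{
    $history = [];
    $stack = HandlerStack::create(new MockHandler([
        // Constructed token response; values are placeholders.
        new Response(200, ['Content-Type' => 'application/json'],
            json_encode(['access_token' => 'constructed', 'token_type' => 'Bearer', 'expires_in' => 1800])),
    ]));
    $stack->push(Middleware::history($history));

    $provider = new $providerClass([
        'clientId' => 'placeholder-id', 'clientSecret' => 'placeholder-secret',
        'urlAuthorize' => 'https://idp.example.invalid/authorize',
        'urlAccessToken' => 'https://idp.example.invalid/token',
        'urlResourceOwnerDetails' => 'https://idp.example.invalid/me',
        'scopes' => ['openid', 'email', 'profile'], // default scopes named in the issue
        'scopeSeparator' => ' ',
    ], ['httpClient' => new Client(['handler' => $stack])]);

    $provider->getAccessToken('client_credentials', $tokenOptions);
    parse_str((string) $history[0]['request']->getBody(), $form);
    return $form['scope'] ?? null;
}

// Output depends on the installed oauth2-client version; compare 2.7.x and 2.8.0.
var_dump(sentScope(GenericProvider::class, []));
var_dump(sentScope(GenericProvider::class, ['scope' => 'accounting.transactions accounting.contacts']));
var_dump(sentScope(NoDefaultScopesProvider::class, []));
```

Running it once per pinned library version shows whether an upgrade changed the scopes a machine-to-machine client requests, which is worth checking before the identity provider rejects the request in production.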

Owner

calcinai commented Feb 4, 2025

Hopefully it gets fixed upstream, and yeah, also happy to pin to an older version in the interim over at oauth2-xero. Thanks for digging into this!
