Authentication failure with all scopes selected

[sergey-program]

Bug

PHP code

        $curl = curl_init();

        curl_setopt_array($curl, [
                CURLOPT_URL => $this->createUrl(),
                CURLOPT_HTTPHEADER => [
                    'Authorization: Bearer ' . $this->getAccessToken(),
                    'Accept: application/json',
                    'Cache-Control: no-cache'
                ],
                CURLOPT_RETURNTRANSFER => true,
                CURLOPT_FRESH_CONNECT => true
            ]
        );

        $result = curl_exec($curl);

        var_dump($result);
        echo '<pre>';
        print_r(curl_getinfo($curl));

gives me

string(34) "{"error":"authentication failure"}"
Array
(
    [url] => https://esi.evetech.net/v1/characters/2120038253/fleet/?datasource=tranquility
    [content_type] => application/json; charset=utf-8
    [http_code] => 403
    [header_size] => 645
    [request_size] => 4346
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.362791
    [namelookup_time] => 0.00202
    [connect_time] => 0.085937
    [pretransfer_time] => 0.276465
    [size_upload] => 0
    [size_download] => 34
    [speed_download] => 93
    [speed_upload] => 0
    [download_content_length] => 34
    [upload_content_length] => -1
    [starttransfer_time] => 0.362727
    [redirect_time] => 0
    [redirect_url] => 
    [primary_ip] => 52.19.10.36
    [certinfo] => Array
        (
        )

    [primary_port] => 443
    [local_ip] => 127.0.0.1
    [local_port] => 50151
    [http_version] => 3
    [protocol] => 2
    [ssl_verifyresult] => 0
    [scheme] => HTTPS
    [appconnect_time_us] => 276046
    [connect_time_us] => 85937
    [namelookup_time_us] => 2020
    [pretransfer_time_us] => 276465
    [redirect_time_us] => 0
    [starttransfer_time_us] => 362727
    [total_time_us] => 362791
)

It happens when I select all scopes in application, then copy them to auth link. User do auth correctly and I receive access_token and refresh_token, but when I try to get (for example) “/latest/characters/{character_id}/fleet/” it gives "authentication failure".

If I will use only two scopes (in app and in auth link. “esi-fleets.read_fleet.v1 esi-fleets.write_fleet.v1”) it works correctly.
So question is, why it;s happening?

Also want to mention if I authenticate in swagger site and do same - it works no matter how much scopes I've seleted.

[GoldenGnu]

This is not the correct place to make bug reports for SSO issues, the correct place is: https://github.com/ccpgames/sso-issues
(so, I'm going to close it)

This issue looks very similar to ccpgames/sso-issues#76

Edit: Also duplicate of #1089 (have workaround)