no, this code is not present in : …
The fix we supplied to you in Oct’22 was integrated into our production VAL VAD shortly afterwards. Below is an extract from the current VAD.
procedure VAL.DBA.oauth_token (
...
-- A scope request parameter is not required for authorization code grant.
-- An OpenAM Authorization Server returns an error if a redundant scope parameter is supplied
-- with an access token request and Authorization Code Grant is used.
-- See: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3
-- if (not isnull (scope))
-- params := params || sprintf ('&scope=%U', scope);
...
Please check your VAL VAD is up to date. If you still get an error when verifying the identity provider binding, we will need more detailed information to isolate the cause.
To get a detailed Virtuoso console trace showing OAuth/OIDC calls, issue this command before verifying the binding:
registry_set ('__debug_oauth2.0', '1');
Afterwards, to turn the OAuth diagnostics off, issue
registry_remove('__debug_oauth2.0');
Please provide us with a Virtuoso console trace and a browser trace showing the network calls.
/cc @hwilliams