oauth 2 access token scope in json array? not string


Ruslan Mezentsev

Sep 20, 2018, 5:20:35 AM9/20/18
to CAS Community
Hi, I'm using cas 6.0.0-rc2 with reactive spring-security-oauth2-client service:

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId" : "clientId",
  "clientSecret" : "clientSecret",
  "serviceId" : "http://server.docker:8080/login/oauth2/code/cas",
  "name" : "OAuthService",
  "jsonFormat" : true,
  "id" : 100
}


When the access token scope comes from CAS:

{"access_token":"AT-19-L8znqVHp3Tm4gMZmnuW7aQ9Clez6cNaP","token_type":"bearer","expires_in":28800,"scope":["PROFILE"]}

but in rfc6749 it's a list of space-delimited, case-sensitive strings:

    The value of the scope parameter is expressed as a list of space-
    delimited, case-sensitive strings.  The strings are defined by the
    authorization server.  If the value contains multiple space-delimited
    strings, their order does not matter, and each string adds an
    additional access range to the requested scope.


In spring-security-oauth2-core (OAuth2AccessTokenResponseBodyExtractor) it's string:

ParameterizedTypeReference<Map<String, String>> type = new ParameterizedTypeReference<Map<String, String>>() {};
BodyExtractor<Mono<Map<String, String>>, ReactiveHttpInputMessage> delegate = BodyExtractors.toMono(type);

Error on cas access token:

JSON decoding error: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token; 
nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: 
Cannot deserialize instance of `java.lang.String` out of START_ARRAY token at 
[Source: UNKNOWN; line: -1, column: -1] (through reference chain: java.util.LinkedHashMap["scope"])

from https://docs.apigee.com/api-platform/security/oauth/working-scopes#codeexamples-defaultcase
{
  ...
  "scope" : "A B C",
  ...
}
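As an added example (not code from the post, CAS or Spring Security), here is a client-side normalizer that accepts both the RFC 6749 space-delimited string and the JSON array form shown above, and validates each token against the scope-token grammar from RFC 6749 section 3.3. The function names and the sample token bodies are constructed for illustration.

```python
import json
import re

# RFC 6749 section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E ),
# i.e. printable ASCII except space, double quote and backslash.
_SCOPE_TOKEN = re.compile(r'^[\x21\x23-\x5b\x5d-\x7e]+$')


def parse_scope(raw):
    """Normalize the 'scope' member of a token response to a sorted list.

    Accepts the RFC form (one space-delimited string) and the JSON array form
    the post shows CAS 6.0.0-rc2 emitting. Any other shape is rejected so a
    malformed response fails loudly instead of silently granting nothing.
    """
    if raw is None:
        return []
    if isinstance(raw, str):
        tokens = raw.split(" ")
    elif isinstance(raw, list) and all(isinstance(t, str) for t in raw):
        tokens = raw
    else:
        raise ValueError("scope must be a string or an array of strings")
    tokens = [t for t in tokens if t != ""]
    for t in tokens:
        if not _SCOPE_TOKEN.match(t):
            raise ValueError("invalid scope token: %r" % t)
    # Order does not matter per the RFC; drop duplicates but keep case,
    # because scope tokens are case-sensitive.
    return sorted(set(tokens))


def parse_token_response(body):
    """Parse a token endpoint JSON body, returning a dict with normalized scope."""
    data = json.loads(body)
    if "access_token" not in data or "token_type" not in data:
        raise ValueError("token response missing required members")
    out = dict(data)
    out["scope"] = parse_scope(data.get("scope"))
    return out


# Constructed sample bodies: the array form from the post and the RFC string form.
CAS_ARRAY_BODY = '{"access_token":"AT-EXAMPLE","token_type":"bearer","expires_in":28800,"scope":["PROFILE"]}'
RFC_STRING_BODY = '{"access_token":"AT-EXAMPLE","token_type":"bearer","expires_in":28800,"scope":"A B C"}'

if __name__ == "__main__":
    print(parse_token_response(CAS_ARRAY_BODY)["scope"])   # ['PROFILE']
    print(parse_token_response(RFC_STRING_BODY)["scope"])  # ['A', 'B', 'C']
```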
