Hi Pete,
It looks like the application is requesting some conflicting scopes:
patient/Location.read patient/Patient.read patient/Person.read profile user/Appointment.read user/Appointment.write user/Location.read user/Patient.read user/Person.read user/Practitioner.read
Can the application be changed to only use a single scope for each resource? IE: having both patient/Patient.read AND user/Patient.read for the same token are conflicting. In addition, Location isn't a patient-focused resource, so you will want to request only user/Location.read for that, just like was done for Practitioner above (the others should be chosen based on the app workflow).
Regards,
Jenni