Bad Gateway 502 for /accessible-resources

Recently started getting Bad Gateway 502 errors when trying to get resources.

I successfully exchange my code for a token as described for OAuth 2.0 authorization code grants (3LO) fo Apps.

but when i make the call for /oauth/token/accessible-resources for the cloudid i get the server error.

No code has changed so something doesn’t work as it did before. Is this a change because of GDPR?

Found the issue, i believe 3LO might have supported comma separated “scope” before but now it does not. I removed prompt=consent while debugging, this caused the oauth to succeed but the 502 to occur. Once i used space separated scopes, the oauth prompt succeeds and everything worked.

I don’t know what the standard is, but i would recommend that you maybe handle both?