[JWT Bearer Grant Type Issuers] Scopes are validated against first valid issuer for a specified subject in v2.X.X #3498
Open
Labels
bug (Something is not working.)
Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- This issue affects my Ory Network project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe the bug
In Hydra v1.X.X, if we issue two JWT Bearer Grant Type Issuers with 2 different keys for the same subject and same issuer, but with scope "a" for the first key and scope "b" for the second key, key 1 was allowed to grant scope "a" and key 2 was allowed to grant scope "b".
In Hydra v2.X.X if we do the same, key 1 is allowed to grant scope "a" and key 2 is not allowed to grant scope "b".
If we delete Grant Issuer linked to key 1, then key 2 is allowed to grant scope "b".
Reproducing the bug
- Generate two JWT Bearer Grant Type Issuers with the same issuer, subject and scope a for Grant 1 and scope b for Grant 2.
- Request tokens with the scope specified in the JWT for each JWT with the client_id you created.
- Request with second JWT will fail saying scope b is not allowed.
Relevant log output
No response
Relevant configuration
No response
Version
v2.1.1
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes
Additional Context
No response
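The following is an added, self-contained model of the reproduction steps above; it is not Hydra's code and makes no claim about how Hydra implements the lookup internally. It registers two trust relationships for the same issuer and subject with different keys and scopes, builds an RFC 7523 assertion for each, and runs the token-endpoint decision under two hypothetical scope-lookup strategies: `scopes_first_match` (the first grant for the issuer/subject pair supplies the allowed scopes, which reproduces the three observations in the report) and `scopes_for_key` (the allowed scopes come from the grant whose key signed the assertion, which is the v1.x behaviour the report describes). The `Grant`, `exchange` and lookup functions, the issuer URL, the key ids and the HS256 secrets are all constructed for the example; real grants register a public JWK and assertions are RS256/ES256 signed, HS256 is used here only to keep the code dependency-free.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass

# RFC 7523 grant type sent in the token request.
JWT_BEARER_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


@dataclass
class Grant:
    """One trust relationship ("JWT Bearer Grant Type Issuer"): which key may
    assert which issuer/subject, and which scopes it may request. Hypothetical model."""
    issuer: str
    subject: str
    kid: str
    key: bytes            # HS256 secret in this model; a real grant stores a public JWK
    allowed_scope: frozenset


def sign_assertion(grant: Grant, scope: str) -> str:
    """Compact JWS signed with the grant's key (HS256 only to avoid a crypto dependency)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT", "kid": grant.kid}).encode())
    payload = _b64url(json.dumps({"iss": grant.issuer, "sub": grant.subject, "scope": scope}).encode())
    mac = hmac.new(grant.key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def _verify(grant: Grant, assertion: str):
    """Return the claims if the signature verifies under the grant's key, else None."""
    header, payload, sig = assertion.split(".")
    mac = hmac.new(grant.key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _b64url_decode(sig)):
        return None
    return json.loads(_b64url_decode(payload))


def scopes_first_match(grants, iss, sub, kid):
    """Model of the behaviour reported for v2.x: the first grant registered for
    (issuer, subject) supplies the allowed scopes, whichever key signed the JWT."""
    for g in grants:
        if g.issuer == iss and g.subject == sub:
            return g.allowed_scope
    return frozenset()


def scopes_for_key(grants, iss, sub, kid):
    """Model of the v1.x behaviour the report describes: allowed scopes come from
    the grant whose key (kid) actually signed the assertion."""
    for g in grants:
        if g.issuer == iss and g.subject == sub and g.kid == kid:
            return g.allowed_scope
    return frozenset()


def exchange(grants, assertion: str, requested_scope: str, scope_lookup) -> str:
    """Token-endpoint decision for a jwt-bearer request: returns "ok" or an OAuth2
    error code. Key selection is by kid in both models; only the scope lookup differs."""
    kid = json.loads(_b64url_decode(assertion.split(".")[0])).get("kid")
    signer = next((g for g in grants if g.kid == kid), None)
    if signer is None:
        return "invalid_grant"              # no trust relationship for this key
    claims = _verify(signer, assertion)
    if claims is None:
        return "invalid_grant"              # signature does not verify under that key
    if (claims["iss"], claims["sub"]) != (signer.issuer, signer.subject):
        return "invalid_grant"              # key is not trusted for this iss/sub
    allowed = scope_lookup(grants, claims["iss"], claims["sub"], kid)
    if requested_scope not in allowed:
        return "invalid_scope"
    return "ok"


# Constructed sample data mirroring the report: same issuer and subject, two keys,
# scope "a" on grant 1 and scope "b" on grant 2.
GRANT_1 = Grant("https://issuer.example", "subject-1", "key-1", b"constructed-secret-1", frozenset({"a"}))
GRANT_2 = Grant("https://issuer.example", "subject-1", "key-2", b"constructed-secret-2", frozenset({"b"}))
GRANTS = [GRANT_1, GRANT_2]
ASSERTION_1 = sign_assertion(GRANT_1, "a")
ASSERTION_2 = sign_assertion(GRANT_2, "b")


def reproduce() -> dict:
    """The three observations from the report under the first-match model, plus
    the same second-key requests under the per-key model."""
    return {
        "v2_key1_scope_a": exchange(GRANTS, ASSERTION_1, "a", scopes_first_match),
        "v2_key2_scope_b": exchange(GRANTS, ASSERTION_2, "b", scopes_first_match),
        "v2_after_deleting_grant1": exchange([GRANT_2], ASSERTION_2, "b", scopes_first_match),
        "per_key_key2_scope_b": exchange(GRANTS, ASSERTION_2, "b", scopes_for_key),
        "per_key_key2_scope_a": exchange(GRANTS, ASSERTION_2, "a", scopes_for_key),
    }


if __name__ == "__main__":
    for name, result in reproduce().items():
        print(f"{name}: {result}")
```

Under `scopes_first_match` the second assertion is rejected with `invalid_scope` although its signature verifies under key 2, and the same request succeeds as soon as grant 1 is removed, which is exactly the sequence described above; under `scopes_for_key` each key can only request the scopes registered with it. When checking a real deployment, compare the `kid` in the assertion header against the `jwk.kid` stored on each trust relationship, since that is the only field that distinguishes the two grants once issuer and subject are identical.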