JWT access tokens: scope vs scp claim #3524
Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- This issue affects my Ory Network project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe your problem
When using the JWT access token strategy, the scopes are encoded in the scp claim as an array of strings. From what I've read (see this RFC), it seems like the more standard way to do this is in the scope claim as a single space-delimited string.
Describe your ideal solution
It does look like the underlying fosite library supports this via the JWTScopeFieldProvider, but Hydra explicitly chooses JWTScopeFieldList. My preferred solution would be a configuration option for Hydra to allow us to opt in to the other scope claim behaviors supported by fosite. This can default to the current scp array strategy for backwards compatibility.
Workarounds or alternatives
It's fairly simple to have any scope checks look at the scp claim, but it makes it harder to use popular libraries like https://www.npmjs.com/package/express-oauth2-jwt-bearer which adhere pretty strictly to the standard scope claim.
Version
2.1.0
Additional Context
No response