I have a machine client app calling into an api. This app is authorized for the api and both the api and the app are having the new scopes (as well as some older scopes). On the api side I have some code that looks at the request after running jwtVerify on it and gets the scopes that are on it. The existing older scopes all come through but mysteriously the new ones do not.