The One-Character OAuth Bug That Broke Our API

This article was originally published on Jo4 Blog. Our OAuth implementation worked perfectly. Every test passed. Users authorized apps, got tokens, refreshed them. Textbook OAuth 2.0. Then a Pipedream integration broke. The Problem A user reported that their Pipedream workflow couldn't access certain API endpoints. The token was valid, the scopes were granted — but the API returned 403 Forbidden. The error logs showed the token had zero scopes. That's impossible — we confirmed t