According to the Device AuthZ Grant specification (see Section 3.1), the device authorization request supports requesting the scope of the access request through the scope (optional) parameter.

However, Keycloak does not honour well the scope parameter (optional client scopes). This affects:

• the consent which (when enabled) does not show the scopes requested in the device authorisation request
• the UserInfo endpoint after a successful Device Access Token Request does not contains the claims mapped to the requested scopes
• when the consent is enabled, the Device Access Token Request fails with the following message: { "error": "invalid_scope", "error_description": "Client no longer has requested consent from user"}

We have made a PR for fix this bug. Could you review it?