Fixes ignoring scope on refresh token call

[jorenvandeweyer]

Summary

• Fixes Scope in refresh_token grant type is ignored. #104
• Rewrote scopes to only allow an array of strings instead of where before both a string and an array of strings were allowed.
• Validate scopes safely
  BREAKING: validateScope must now only return an array of strings or a falsy value.
• Updated docs (also removed places still mentioning callbacks)

Linked issue(s)

#104 #194

Involved parts of the project

Scopes

Added tests?

Yes & updated existing tests

OAuth2 standard

See #104

[jorenvandeweyer]

@jankapunkt I targeted the PR to the release-5.0.0 branch to avoid merge conflicts since this branch is ahead of development

I think we should asap merge release-5.0.0 into development. We can do this before or after merging this PR.

[shrihari-prakash]

@jankapunkt , @jorenvandeweyer , will there be one more RC to test this change? I think this is already breaking with my project and maybe I can do a code change and test this to see if things are smooth before 5.0.0?

[jorenvandeweyer]

@jankapunkt can there be a RC of this PR?

[jankapunkt]

Hi @jorenvandeweyer @shrihari-prakash I was sick the last days jost got back today 💫 I will merge later today and create an rc

[jankapunkt]

@jorenvandeweyer I added some comments, can we shortly discuss before merging?

[jankapunkt]

@jorenvandeweyer would you mind shortly reviewing my comments? I think it's ready to merge I just want to make sure there is nothing missing etc. I can create a new release ASAP once it's merged

[jorenvandeweyer]

@jankapunkt sorry for the delay, I updated the PR.

It should be ready to be merged now!