
Access tokens always grant all the client's scopes #28

@GoogleCodeExporter

What steps will reproduce the problem?
1. Create an OAuth client with two scopes, A and B
2. Request an access token only with scope A available for this client

What is the expected output? What do you see instead?
You get an access_token with valid grant for both A and B scopes where you 
should get an access_token only for the A scope.


What version of the product are you using? On what operating system?
Latest one 

Please provide any additional information below.
In the file oauth2-php/lib/OAuth2.php, on line 751, you have this code:
    $token = $this->createAccessToken($client[0], $user_id, $stored['scope']);

Maybe you should have this one:
    $token = $this->createAccessToken($client[0], $user_id, $input['scope']);


Original issue reported on code.google.com by jordineb...@gmail.com on 31 Jul 2013 at 10:35
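
An added example, not oauth2-php's code and not the reporter's: one way to pick the scope a token should carry, so that a request for A yields a token for A only, while a request for a scope the client was never registered for is refused rather than passed through. The function name `resolveGrantedScope` and the sample scope strings are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of oauth2-php): decide which scope an access
 * token should carry, given the scope string registered for the client and
 * the scope string sent in the token request.
 */
function resolveGrantedScope(string $registeredScope, ?string $requestedScope): string
{
    // OAuth 2.0 scopes are space-delimited, case-sensitive strings (RFC 6749, section 3.3).
    $registered = preg_split('/\s+/', trim($registeredScope), -1, PREG_SPLIT_NO_EMPTY);
    $requested  = preg_split('/\s+/', trim((string) $requestedScope), -1, PREG_SPLIT_NO_EMPTY);

    // Assumption: a request that names no scope falls back to the registered set.
    // RFC 6749 also allows the server to fail such a request instead.
    if ($requested === []) {
        return implode(' ', $registered);
    }

    // Refuse any scope the client was not registered for. Without this check,
    // copying the request's scope into the token would let a client ask for more
    // than it was given.
    $extra = array_diff($requested, $registered);
    if ($extra !== []) {
        throw new InvalidArgumentException('invalid_scope: ' . implode(' ', $extra));
    }

    // Grant exactly what was asked for, with duplicates collapsed.
    return implode(' ', array_unique($requested));
}

// Constructed sample: a client registered for scopes A and B, as in the report.
$stored = 'A B';

foreach (['A', 'B A', null, 'A C'] as $input) {
    $label = $input ?? '(none)';
    try {
        printf("requested %-7s -> granted '%s'\n", $label, resolveGrantedScope($stored, $input));
    } catch (InvalidArgumentException $e) {
        printf("requested %-7s -> rejected (%s)\n", $label, $e->getMessage());
    }
}
```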
