Issue Summary

When a 3LO app developer selects report:personal-data scope under permissions for their app and starts the OAuth flow, the consent screen shows `Something went wrong` error. And, if app developer starts OAuth flow with other scopes including report:personal-data then the access token returned does not contain the report:personal-data scope.

Due to this the 3LO app cannot call the endpoints ( eg, personal data reporting endpoint ) which require report:personal-data scope.

Steps to Reproduce

1. Create a 3LO app in https://developer.atlassian.com/console/myapps/
2. Select `Personal data reporting API` scope under Permissions -> Personal data reporting API.
3. Select `View Jira issue data` scopes under under Permissions -> Jira API.
4. Start the OAuth flow for the app, by getting the URL from Authorization -> OAuth 2.0 (3LO) Configure with only report:personal-data scope in the request.
   1. Observe that the consent screen shows error "Something went wrong".
5. Start the OAuth flow for the app with read:jira-work and report:personal-data scopes in the request.
6. Go through the consent screen and capture the access token.

Expected Results

User should be able to consent with the selected scopes and access token should include all the scopes requested.

Actual Results

When only report:personal-data scope is requested then consent screen shows error `Something went wrong`. If more scopes are selected, then the access token returned does not contain the report:personal-data scope.

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available