Given a valid bearer token
And a policy and resource scope permission exists
When I request a grant-type:uma-ticket RPT token without explicit permissions
Then the full set of authorized resources & scopes should return in the rpt token, including resources authorized by policy
Actual: Only uma granted resources/scopes return, policies/scope permissions are not evaluated
If I append a bogus &permission=blah#scope , then the policies & permissions are evaluated and the returned RPT token has the full permission set. It appears that any unresolveable resource/scope appended as an explicit permission causes the full set of resources to return for the specified scope.