A few years ago at the request of the SMART team I implemented a feature that restricts access to a patient scope if a patient scope has been granted. This was never heavily used as far as I know, and seems to be a little buggy.
I think it would be appropriate to remove this functionality completely.
See this support thread for proof that it’s causing more confusion than it’s helping: https://groups.google.com/a/logicahealth.org/d/msg/developer/J7CVeMkgM4Q/so-htYE7AwAJ
The relevant code is here:
And it can be removed from the sandbox by getting rid of this interceptor: ScopeBasedAuthorizationInterceptor.java
Which is here: