#### Allow multiple middleware scopes in Laravel 8 routing

I’m trying to hit a route that needs to support multiple scopes for auth. It currently requires a scope called manage-clicks-creatives, but I would like to also allow manage-all-clicks-creatives. The Laravel docs seem to indicate that this is possible:

The scope middleware may be assigned to a route to verify that the incoming request’s access token has at least one of the listed scopes:

Route::get('/orders', function () {
})->middleware('scope:check-status,place-orders');


Here’s the relevant bits from api.php:

<?php
/**
* @var LaravelLumenRoutingRouter
*/
$router->group(['prefix' => 'api', 'middleware' => 'auth:api'], function () use ($router) {
$router->group(['namespace' => 'Creatives'], function () use ($router) {
$router->group(['middleware' => 'scope:manage-clicks-creatives,'], function () use ($router) {
$router->post('creatives', '[email protected]'); }); }); });  But when my test runs, with a user who has the manage-all-clicks-creatives scope, the request fails: [2021-09-14 19:10:08] testing.ERROR: You do not have permission to do that. {"exception":"[object] (IlluminateValidationUnauthorizedException(code: 0): You do not have permission to do that. at /lumen-api/src/Http/Middleware/AuthorizeScope.php:23)  [stacktrace] I’ve tried comma-delimited scopes: $router->group(['middleware' => 'scope:manage-clicks-creatives,manage-all-clicks-creatives'], function () use ($router) {  And pipe-delimited $router->group(['middleware' => 'scope:manage-clicks-creatives|manage-all-clicks-creatives'], function () use ($router) {  and scopes with arrays: $router->group(['middleware' => ['scope:manage-clicks-creatives', 'scope:manage-all-clicks-creatives']], function () use (\$router) {


But none of them seem to work.

Source: Laravel