John Gotts --
I was told we do allow and ignore the scope parameter for older keys. I can't this easily myself right now, but let me know if you're seeing otherwise.
In the meantime, I've had no problems using the pecl OAuth library. What PHP libraries are you using? I can see if I can reproduce this and assist.