Merge pull request #598 from tanguilp/fix-rfc9068-no-scope-in-jws

Fix error when RFC9068 JWS has no scope field
lepture · Nov 29, 2023 · 04e83f6 · 04e83f6
2 parents ad13ae1 + 092f688
commit 04e83f6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/authlib/oauth2/rfc9068/token_validator.py b/authlib/oauth2/rfc9068/token_validator.py
@@ -140,7 +140,7 @@ def validate_token(
         # more considerations about the relationship between scope strings and resources
         # indicated by the 'aud' claim.
 
-        if self.scope_insufficient(token['scope'], scopes):
+        if self.scope_insufficient(token.get('scope', []), scopes):
             raise InsufficientScopeError()
 
         # Many authorization servers embed authorization attributes that go beyond the