From 3af9ca09eaa99d35977e7e6c59b91d7fa8f1a33a Mon Sep 17 00:00:00 2001
From: Nikita Bulai <bulaj.nikita@gmail.com>
Date: Wed, 10 Jul 2024 17:27:26 +0300
Subject: [PATCH] Fix Doorkeeper::AccessToken.find_or_create_for with empty
 scopes

Fixes #1699
---
 CHANGELOG.md                                | 2 ++
 lib/doorkeeper/models/access_token_mixin.rb | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 07ac83956..b57edd313 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,8 @@ User-visible changes worth mentioning.
 
 Add your entry here.
 
+- [#1714] Fix `Doorkeeper::AccessToken.find_or_create_for` with empty scopes which raises NoMethodError 
+
 ## 5.7.1
 
 - [#1705] Add `force_pkce` option that requires non-confidential clients to use PKCE when requesting an access_token using an authorization code
diff --git a/lib/doorkeeper/models/access_token_mixin.rb b/lib/doorkeeper/models/access_token_mixin.rb
index ec6e55224..2c1ce4ace 100644
--- a/lib/doorkeeper/models/access_token_mixin.rb
+++ b/lib/doorkeeper/models/access_token_mixin.rb
@@ -214,6 +214,8 @@ def custom_attributes_match?(token, custom_attributes)
       # @return [Doorkeeper::AccessToken] existing record or a new one
       #
       def find_or_create_for(application:, resource_owner:, scopes:, **token_attributes)
+        scopes = Doorkeeper::OAuth::Scopes.from_string(scopes) if scopes.is_a?(String)
+
         if Doorkeeper.config.reuse_access_token
           custom_attributes = extract_custom_attributes(token_attributes).presence
           access_token = matching_token_for(