Fix error when RFC9068 JWS has no scope field

lepture · Nov 24, 2023 · 092f688 · 092f688
1 parent ad13ae1
commit 092f688
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/authlib/oauth2/rfc9068/token_validator.py b/authlib/oauth2/rfc9068/token_validator.py
@@ -140,7 +140,7 @@ def validate_token(
         # more considerations about the relationship between scope strings and resources
         # indicated by the 'aud' claim.
 
-        if self.scope_insufficient(token['scope'], scopes):
+        if self.scope_insufficient(token.get('scope', []), scopes):
             raise InsufficientScopeError()
 
         # Many authorization servers embed authorization attributes that go beyond the