Skip to content

Commit

Permalink
Merge pull request #598 from tanguilp/fix-rfc9068-no-scope-in-jws
Browse files Browse the repository at this point in the history
Fix error when RFC9068 JWS has no scope field
  • Loading branch information
lepture authored Nov 29, 2023
2 parents ad13ae1 + 092f688 commit 04e83f6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion authlib/oauth2/rfc9068/token_validator.py
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,7 @@ def validate_token(
# more considerations about the relationship between scope strings and resources
# indicated by the 'aud' claim.

if self.scope_insufficient(token['scope'], scopes):
if self.scope_insufficient(token.get('scope', []), scopes):
raise InsufficientScopeError()

# Many authorization servers embed authorization attributes that go beyond the
Expand Down

0 comments on commit 04e83f6

Please sign in to comment.