Unable to refresh token if no scope is defined

[faxioman]

Trying to refresh a token without scope defined always throw an exception. The method _validate_refresh_token in oauth2app / token should initialize self.scope to [] if no scope is used.

Thanks

[bhagany]

Confused about this one - what exception is being thrown in this case?

[faxioman]

Django try to execute this code in _get_refresh_token:

access_ranges = list(AccessRange.objects.filter(key__in=self.scope))

If self.scope is None, Django throw an exception

[faxioman]

I think that an "else self.scope = []" at end of _validate_refresh_token method should be resolutive.

[bhagany]

Looks like we had this problem in several places - I decided to check for self.scope being populated in _get_refresh_token, and the other methods like it. I believe that should solve the problem. Commit coming up.