scope should be optional in client-credentials requests

juanifioren / django-oidc-provider

OpenID Connect and OAuth2 provider implementation for Djangonauts.

http://django-oidc-provider.readthedocs.org

MIT License

423 stars 238 forks source link

scope should be optional in client-credentials requests #396

Open nicwolff opened 2 years ago

nicwolff commented 2 years ago

scope is optional in the client-credentials flow but if I make a requests to the token endpoint with "grant_type": "client_credentials" but without "scope" I get

{
  "error": "invalid_scope: missing openid scope",
  "error_description": null
}