Fix error when RFC9068 JWS has no scope field

lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

https://authlib.org/

BSD 3-Clause "New" or "Revised" License

4.45k stars 445 forks source link

Closed tanguilp closed 9 months ago

tanguilp commented 9 months ago

The scope claim is optional in RFC9068. This PR fixes the current behaviour which is that it is mandatory by authlib.

What kind of change does this PR introduce? (check at least one)

Does this PR introduce a breaking change? (check one)

[x] You consent that the copyright of your pull request source code belongs to Authlib's author.

azmeuk commented 9 months ago

Thank you, I have missed that. Could you add unit tests for this usecase?