Merge pull request #475 from akira-dev/master

JonathanHuot · web-flow · commit 36e7f50049f3 · 2018-09-07T23:07:05.000+02:00
Remove check on empty scopes for implicit grant flow
diff --git a/oauthlib/oauth2/rfc6749/grant_types/implicit.py b/oauthlib/oauth2/rfc6749/grant_types/implicit.py
@@ -200,11 +200,6 @@ def create_token_response(self, request, token_handler):
         .. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1
         """
         try:
-            # request.scopes is only mandated in post auth and both pre and
-            # post auth use validate_authorization_request
-            if not request.scopes:
-                raise ValueError('Scopes must be set on post auth.')
-
             self.validate_token_request(request)
 
         # If the request fails due to a missing, invalid, or mismatching
