OAuth2Session constructor now uses its client.scope when a client is provided and scope is not overridden. Fixes #408

Sylvain MARIE · Sylvain MARIE · commit ad60046350ea · 2020-04-10T12:20:42.000+02:00
diff --git a/requests_oauthlib/oauth2_session.py b/requests_oauthlib/oauth2_session.py
@@ -77,7 +77,7 @@ def __init__(
         super(OAuth2Session, self).__init__(**kwargs)
         self._client = client or WebApplicationClient(client_id, token=token)
         self.token = token or {}
-        self.scope = scope
+        self._scope = scope
         self.redirect_uri = redirect_uri
         self.state = state or generate_token
         self._state = state
@@ -97,6 +97,20 @@ def __init__(
             "protected_request": set(),
         }
 
+    @property
+    def scope(self):
+        """By default the scope from the client is used, except if overridden"""
+        if self._scope is not None:
+            return self._scope
+        elif self._client is not None:
+            return self._client.scope
+        else:
+            return None
+
+    @scope.setter
+    def scope(self, scope):
+        self._scope = scope
+
     def new_state(self):
         """Generates a state string to be used in authorizations."""
         try:
