Merge pull request #409 from smarie/fix_issue_408

`OAuth2Session` constructor now uses its `client.scope` when a `client`   is provided and `scope` is not overridden.

Author: JonathanHuot

HISTORY.rst

@@ -6,6 +6,9 @@ v1.3.2 (TBD)
 - ``OAuth2Session`` now correctly uses the ``self.verify`` value if ``verify``
   is not overridden in ``fetch_token`` and ``refresh_token``. Fixes `#404
   <https://github.com/requests/requests-oauthlib/issues/404>`_.
+- ``OAuth2Session`` constructor now uses its ``client.scope`` when a ``client``
+  is provided and ``scope`` is not overridden. Fixes `#408
+  <https://github.com/requests/requests-oauthlib/issues/408>`_
 
 v1.3.1 (21 January 2022)
 ++++++++++++++++++++++++

requests_oauthlib/oauth2_session.py

@@ -77,7 +77,7 @@ def __init__(
         super(OAuth2Session, self).__init__(**kwargs)
         self._client = client or WebApplicationClient(client_id, token=token)
         self.token = token or {}
-        self.scope = scope
+        self._scope = scope
         self.redirect_uri = redirect_uri
         self.state = state or generate_token
         self._state = state
@@ -97,6 +97,20 @@ def __init__(
             "protected_request": set(),
         }
 
+    @property
+    def scope(self):
+        """By default the scope from the client is used, except if overridden"""
+        if self._scope is not None:
+            return self._scope
+        elif self._client is not None:
+            return self._client.scope
+        else:
+            return None
+
+    @scope.setter
+    def scope(self, scope):
+        self._scope = scope
+
     def new_state(self):
         """Generates a state string to be used in authorizations."""
         try: