Fix validate_bearer_token to set correct request.scopes.

Author: n2ygk

docs/oidc.rst

@@ -331,8 +331,7 @@ TODO - confirm that this works and document so and whether it interferes with th
     ``oauthlib.common.Request`` object. This has a number of attributes that
     you can use to decide what claims to put in to the ID token:
 
-    * ``request.scopes`` - is `NOT the list of granted scopes <https://github.com/oauthlib/oauthlib/issues/799>`_. For that, use:
-    * ``request.access_token.scopes`` - the list of granted scopes.
+    * ``request.scopes`` - the list of granted scopes.
     * ``request.claims`` - a dictionary of the claims.
     * ``request.user`` - the django user object.
 

oauth2_provider/oauth2_validators.py

@@ -425,7 +425,7 @@ def validate_bearer_token(self, token, scopes, request):
         if access_token and access_token.is_valid(scopes):
             request.client = access_token.application
             request.user = access_token.user
-            request.scopes = scopes
+            request.scopes = list(access_token.scopes)
 
             # this is needed by django rest framework
             request.access_token = access_token
@@ -787,13 +787,10 @@ def get_oidc_claims(self, token, token_handler, request):
         data = self.get_claim_dict(request)
         claims = {}
 
+        # TODO if request.claims then return only the claims requested, but limited by granted scopes.
+
         for k, v in data.items():
-            if not self.oidc_claim_scope or (
-                token
-                and hasattr(token, "scopes")
-                and k in self.oidc_claim_scope
-                and self.oidc_claim_scope[k] in token.scopes
-            ):
+            if not self.oidc_claim_scope or self.oidc_claim_scope.get(k) in request.scopes:
                 claims[k] = v(request) if callable(v) else v
         return claims