use allowed_scopes if APP_SPECIFIC_SCOPES is enabled

Author: honestbleeps

oauth2_provider/oauth2_validators.py

@@ -265,7 +265,10 @@ def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
         return set(scopes).issubset(set(oauth2_settings._SCOPES))
 
     def get_default_scopes(self, client_id, request, *args, **kwargs):
-        return oauth2_settings._SCOPES
+        if oauth2_settings.APP_SPECIFIC_SCOPES:
+            return request.client.allowed_scopes
+        else:
+            return oauth2_settings._SCOPES
 
     def validate_redirect_uri(self, client_id, redirect_uri, request, *args, **kwargs):
         return request.client.redirect_uri_allowed(redirect_uri)