From 514540d52e0dfe85de2ecd906aa8ecbeefd75dcb Mon Sep 17 00:00:00 2001
From: Emelia Smith
Date: Wed, 23 Jul 2025 21:32:17 +0200
Subject: [PATCH] Ensure the asserted scopes are the ones in the access grant

---
 spec/requests/oauth/token_spec.rb | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/spec/requests/oauth/token_spec.rb b/spec/requests/oauth/token_spec.rb
index 743c4d062ca..cede0bbaaa9 100644
--- a/spec/requests/oauth/token_spec.rb
+++ b/spec/requests/oauth/token_spec.rb
@@ -25,17 +25,15 @@ RSpec.describe 'Managing OAuth Tokens' do
       }
     end
 
-    let(:code) do
-      access_grant = Fabricate(:access_grant, application: application, redirect_uri: 'urn:ietf:wg:oauth:2.0:oob', scopes: 'read write')
-      access_grant.plaintext_token
-    end
+    let(:access_grant) { Fabricate(:access_grant, application: application, redirect_uri: 'urn:ietf:wg:oauth:2.0:oob', scopes: 'read write') }
+    let(:code) { access_grant.plaintext_token }
 
     shared_examples 'returns a correctly scoped access token' do
       it 'returns the scopes requested by the authorization code' do
         subject
 
         expect(response).to have_http_status(200)
-        expect(response.parsed_body[:scope]).to eq 'read write'
+        expect(response.parsed_body[:scope]).to eq access_grant.scopes.to_s
       end
 
       context 'with additional parameters not used by the grant type' do
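Review bot: The rewritten assertion compares the token's scope string with `access_grant.scopes.to_s`, so it now depends on how the grant's scope collection serializes (element order and separator) rather than on the scope set itself; a change in that serialization would fail the example without any change in the scopes actually issued. Comparing as sets keeps the property under test — the issued token carries exactly the grant's scopes, never more — while being order-independent: `expect(response.parsed_body[:scope].split).to match_array(access_grant.scopes.to_a)` (assuming `scopes` is the usual Enumerable scope collection, which its `to_s` usage here suggests). Because the expected value is now derived from the same fixture that produces `code`, a one-line comment above the assertion such as `# the grant's scopes, not the application's, bound what the token endpoint may issue` would make the intent of this shared example clear to the next reader. The new `let(:access_grant)` one-liner is noticeably long; the `do … end` form the removed block used, with the `Fabricate` call on its own line, reads more easily. The enclosing `describe` and `shared_examples` blocks start and end outside this hunk.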