Hi!

When i read the doc in _oauthlib/oauth2/rfc6749/grant_types/authorization_code.py_, i can see :
scope OPTIONAL. The scope of the access request as described by Section 3.3_.

But this check assume that scopes is mandatory
if not request.scopes: raise ValueError('Scopes must be set on post auth.')

Am i misunderstanding something?