Add checks for invalid scopes in the auth approval process

endpoints/web.py

@@ -278,6 +278,9 @@ def request_authorization_code():
 
     # Load the scope information.
     scope_info = scopes.get_scope_information(scope)
+    if not scope_info:
+      abort(404)
+      return
 
     # Load the application information.
     oauth_app = provider.get_application_for_client_id(client_id)