OAUTH2_SCOPES ignored

[jessemorton]

Describe the bug
First off, thank you for a great project. I'm setting up my first usage of it and am finding that the OAUTH2_SCOPES setting is getting ignored. This is an issue for me, in that I'd like to hide some system scopes that are unrelated to typical consumers of the API.

To Reproduce
If I set OAUTH2_SCOPES to some limited set of scopes that I'm OK being visible in the Swagger UI, the full set of scopes in my backend's get_all_scopes is called instead. It looks like the OAUTH2_SCOPES setting is never referenced in django_oauth_toolkit.py.

Expected behavior
Given the docs, I'd expect that I could leave my scope backend as-is and overwrite what scopes I want to appear in the Swagger UI.

[tfranzel]

Hi @jessemorton, thanks. Good catch! I assume I had something in mind when I wrote it but it's been almost 5 years and I don't remember exactly. OAUTH2_SCOPES is indeed unused and that is misleading and wrong in any case.

I think it makes sense to let this config override the generated default. It is usually how we deal with explicitly given parameters/settings. That might have been the original idea and was probably just forgotten.

[jessemorton]

Thanks for the quick reply and fix @tfranzel!