From 93d8ac7410dcc864d08e8d10abfb98d435e53486 Mon Sep 17 00:00:00 2001
From: Shrikant Sharat Kandula
Date: Tue, 10 Jan 2023 19:52:34 +0530
Subject: [PATCH] Get userInfo, if scopes in token is empty
---
 .../oauth2/client/oidc/userinfo/OidcUserRequestUtils.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
index e8e63624799..81842c2bd93 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java
@@ -60,7 +60,8 @@ static boolean shouldRetrieveUserInfo(OidcUserRequest userRequest) {
 if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
 // Return true if there is at least one match between the authorized scope(s)
 // and UserInfo scope(s)
- return CollectionUtils.containsAny(userRequest.getAccessToken().getScopes(),
+ return CollectionUtils.isEmpty(userRequest.getAccessToken().getScopes())
+ || CollectionUtils.containsAny(userRequest.getAccessToken().getScopes(),
 userRequest.getClientRegistration().getScopes());
 }
 return false;
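Review bot: The comment kept above the `return` still describes only the scope-match rule, while the added `CollectionUtils.isEmpty(userRequest.getAccessToken().getScopes())` branch now also sends the access token to the UserInfo endpoint when the token carries no scopes at all, and nothing in the code says why an empty set is treated as authorized. If the intent is that the provider left `scope` out of the token response because the granted scope equals the requested one (RFC 6749 section 5.1 permits that), state it in the comment, for example `// An empty scope set means the token response omitted scope, so the requested scopes are assumed granted`. The diffstat shows a single file changed, so no test pins the empty-scope path; a case that builds the access token without scopes and asserts the result would cover it. A small cleanup on the same statement is to read the scopes once, `Set<String> authorizedScopes = userRequest.getAccessToken().getScopes();`, and to reuse the `clientRegistration` local that the enclosing `if` already uses. The body of `shouldRetrieveUserInfo` starts and ends outside this hunk.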