fix: use def. scopes if no scope param is present in tok exch

Use default scopes - intersection of subject token scopes and allowed
client scopes for token exchange

perun-oidc-server/src/main/java/cz/muni/ics/oauth2/token/exchange/OAuthTokenExchangeGranter.java

@@ -116,8 +116,11 @@ public class OAuthTokenExchangeGranter extends BaseTokenExchangeGranter {
 
 		token.setClient(client);
 		Set<String> scopes = new HashSet<>();
-		if (tokenRequest.getScope() != null) {
+		if (tokenRequest.getScope() != null && !tokenRequest.getScope().isEmpty()) {
 			scopes.addAll(tokenRequest.getScope());
+		} else {
+			scopes.addAll(subjectToken.getScope());
+			scopes.retainAll(clientDetails.getScope());
 		}
 		boolean upScopingHappened = false;
 		if (!scopes.isEmpty()) {
@@ -247,12 +250,6 @@ public class OAuthTokenExchangeGranter extends BaseTokenExchangeGranter {
 		return true;
 	}
 
-	@Override
-	public boolean supportsByParams(Map<String, String> parameters) {
-		boolean supports = super.supportsByParams(parameters);
-		return supports && parameters.containsKey(SCOPE);
-	}
-
 	private OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client, AuthenticationHolderEntity authHolder) {
 		OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity();
 		JWTClaimsSet.Builder refreshClaims = new JWTClaimsSet.Builder();