Prevent duplicate scopes in authorization

app/models/api/openid_connect/o_auth_application.rb

@@ -1,7 +1,7 @@
 module Api
   module OpenidConnect
     class OAuthApplication < ActiveRecord::Base
-      has_many :authorizations
+      has_many :authorizations, dependent: :destroy
       has_many :user, through: :authorizations
 
       validates :client_id, presence: true, uniqueness: true

lib/api/openid_connect/authorization_point/endpoint_confirmation_point.rb

@@ -24,7 +24,7 @@ module Api
           auth = OpenidConnect::Authorization.find_or_create_by(
             o_auth_application: @o_auth_application, user: @user, redirect_uri: @redirect_uri)
           auth.nonce = req.nonce
-          auth.scopes << @scopes
+          auth.scopes << @scopes unless auth.scopes == @scopes
           handle_approved_response_type(auth, req, res)
           res.approve!
         end