diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index 4dc54109c..bb723865b 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -93,7 +93,10 @@ class TokenParams:
             self.refresh_token = RefreshToken.objects.get(
                 refresh_token=raw_token, provider=self.provider
             )
-
+            # https://tools.ietf.org/html/rfc6749#section-6
+            # Fallback to original token's scopes when none are given
+            if self.scope == []:
+                self.scope = self.refresh_token.scope
         except RefreshToken.DoesNotExist:
             LOGGER.warning(
                 "Refresh token does not exist",
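Review bot: The new `if self.scope == []:` branch implements only half of RFC 6749 §6 — when the client does supply a scope on a refresh, nothing in this hunk checks that it stays within the scope originally granted to the refresh token, so unless that subset check lives elsewhere in the method (its body starts and ends outside this hunk) a client can widen its own access on refresh. The same section of the RFC requires rejecting a requested scope that exceeds the original grant, so the fallback should be paired with an explicit check, e.g. `elif not set(self.scope).issubset(self.refresh_token.scope): raise TokenError("invalid_scope")` (or whatever error type this view already uses for the `invalid_scope` response). As a point of style, `if not self.scope:` is the idiomatic form and also covers a `None` scope, should the parser ever produce one; the comment above the branch could then read `# RFC 6749 §6: omitted scope means the original grant's scope; a supplied scope must not exceed it`.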