diff --git a/src/Repositories/ScopeRepository.php b/src/Repositories/ScopeRepository.php
index 4dc52b6..0bfd8fb 100644
--- a/src/Repositories/ScopeRepository.php
+++ b/src/Repositories/ScopeRepository.php
@@ -62,14 +62,20 @@ class ScopeRepository implements ScopeRepositoryInterface {
 }
 $role_ids = $user->getRoles();
- // Given a user, only allow the roles that the user already has, regardless
- // of what has been requested.
- $scopes = array_filter($scopes, function (ScopeEntityInterface $scope) use ($role_ids) {
- return in_array($scope->getIdentifier(), $role_ids);
- });
+ if (!empty($scopes)) {
+ // If client has set scopes, only allow the roles that the user already
+ // has, regardless of what has been requested.
+ $scopes = array_filter($scopes, function (ScopeEntityInterface $scope) use ($role_ids) {
+ return in_array($scope->getIdentifier(), $role_ids);
+ });
+ }
+ else {
+ // If client has not requested a specific scope, set all available scopes.
+ $scopes = array_reduce($role_ids, function ($scopes, $role_id) {
+ return $this->addRoleToScopes($scopes, $role_id);
+ }, $scopes);
+ }
- // Make sure that the Authenticated role is added as well.
- $scopes = $this->addRoleToScopes($scopes, RoleInterface::AUTHENTICATED_ID);
 // Make sure that the client roles are added to the scopes as well.
 /** @var \Drupal\simple_oauth\Entity\Oauth2ClientInterface $client_drupal_entity */
 $client_drupal_entity = $client_entity->getDrupalEntity();
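Review bot: The new `else` branch turns an empty scope request into a token that carries every role the user holds, so a client that simply omits `scope` now receives the broadest grant instead of the narrowest, including any administrative role returned by `$user->getRoles()`. If that default is intended, it should be stated where it happens, for example `// An empty scope request grants all of the user's roles; clients wanting less must request scopes explicitly.`, and it is worth confirming whether this should depend on client configuration rather than apply to every client. In the `if` branch the authenticated role is no longer added unconditionally, so a request naming specific scopes presumably gets it only when it is asked for; callers that relied on it should be checked. The `in_array()` call in the filter would also be safer with the strict flag, `in_array($scope->getIdentifier(), $role_ids, TRUE)`. The enclosing method starts and ends outside the hunk.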