oauthjs / node-oauth2-server

Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js

Home Page: https://npmjs.org/package/oauth2-server

Remove validateScope check from auth_code grant type

thomseddon opened this issue · comments

Per #629 (comment)

As per https://tools.ietf.org/html/rfc6749#section-4.1.1, the scope is a required parameter for the authorisation request (which #451 fixes), and is not actually defined for the access token request (which is where the library currently tries to perform scope validation here).

We should remove the validateScope call from the auth_code grant, as the scope parameter is not expected in the token request.
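
An added example, not taken from the issue or from the node-oauth2-server code base, of a token-endpoint handler for the authorization code grant that takes the scope from the stored code record rather than from the token request, as the issue proposes. The in-memory store, the function names and the record fields are hypothetical.

```javascript
// Added example: hypothetical names, not node-oauth2-server's API.
const { randomBytes } = require('node:crypto');

// Constructed sample: a code issued earlier by the authorization endpoint,
// stored together with the scope that was granted at that step.
const codes = new Map([
  ['code-123', {
    clientId: 'client-a',
    redirectUri: 'https://client.example/cb',
    scope: 'read profile',
    expiresAt: Date.now() + 60_000,
  }],
]);

// Build an error carrying an RFC 6749 section 5.2 error code.
function fail(code) {
  return Object.assign(new Error(code), { oauthError: code });
}

// Handles grant_type=authorization_code. The parameters RFC 6749 section 4.1.3
// defines for this request are grant_type, code, redirect_uri and client_id.
function exchangeAuthorizationCode(body, authenticatedClientId) {
  if (body.grant_type !== 'authorization_code') throw fail('unsupported_grant_type');

  const record = codes.get(body.code);
  if (!record) throw fail('invalid_grant');
  codes.delete(body.code); // single use: a replayed code is rejected

  if (record.expiresAt < Date.now()) throw fail('invalid_grant');
  if (record.clientId !== authenticatedClientId) throw fail('invalid_grant');
  if (record.redirectUri !== body.redirect_uri) throw fail('invalid_grant');

  // The scope is copied from the code record. body.scope is never read, so a
  // value smuggled into the token request cannot widen or alter the grant.
  return {
    access_token: randomBytes(32).toString('hex'),
    token_type: 'Bearer',
    expires_in: 3600,
    scope: record.scope,
  };
}
```

Any scope validation belongs at the authorization endpoint, before the code record is written.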