Unable to use OAuth2 application without API scope

Summary

Adapting to use https://docs.gitlab.com/ee/api/oauth2.html#web-application-flow without api scope results in The requested scope is invalid, unknown, or malformed. error

Steps to reproduce

1. Register application with all scopes other than api
2. Try to go to https://gitlab.example.com/oauth/authorize?client_id=APP_ID&redirect_uri=REDIRECT_URI&response_type=code&state=YOUR_UNIQUE_STATE_HASH and see The requested scope is invalid, unknown, or malformed. error

What is the current bug behavior?

The requested scope is invalid, unknown, or malformed. error

What is the expected correct behavior?

Should redirect me to redirect URI so that can then pull from user API

Possible fixes

Doorkeeper looks to default to api scope? Maybe it needs to default to a different scope.