diff --git a/auth/jwt/coverage_test.go b/auth/jwt/coverage_test.go
index 059491e..00b9803 100644
--- a/auth/jwt/coverage_test.go
+++ b/auth/jwt/coverage_test.go
@@ -226,6 +226,18 @@ func TestCov_SpaceDelimited_UnmarshalJSON(t *testing.T) {
 t.Fatal("expected error")
 }
 })
+ // Scope must be a space-delimited string per RFC 6749 ยง3.3, not a JSON array.
+ // If a token arrives with "scope":[] it means the issuer has a bug (e.g. using
+ // []string instead of SpaceDelimited in its claims struct).
+ t.Run("array_is_invalid", func(t *testing.T) {
+ var s SpaceDelimited
+ if err := json.Unmarshal([]byte(`[]`), &s); err == nil {
+ t.Fatal("expected error for array-typed scope; issuer may have a []string bug")
+ }
+ if err := json.Unmarshal([]byte(`["openid","profile"]`), &s); err == nil {
+ t.Fatal("expected error for array-typed scope; issuer may have a []string bug")
+ }
+ })
 }
 
 func TestCov_SpaceDelimited_MarshalJSON(t *testing.T) {
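Review bot: The `array_is_invalid` subtest asserts only that `json.Unmarshal` returns an error, not that `s` is still empty afterwards. For an authorization claim that is the property worth pinning, since a caller that mishandles the error must not end up holding scopes from a rejected token. If SpaceDelimited is slice-backed (its definition is not visible in this hunk), adding `if len(s) != 0 { t.Fatalf("scope populated despite error: %v", s) }` after each check would cover it. Both checks also share one `s` and one failure message, so a failure does not say whether the empty or the populated array was accepted; a separate `var s SpaceDelimited` per case and a distinct message such as `t.Fatal("expected error for non-empty array scope")` would keep them independent. The `ยง` in the first added comment looks like a mis-encoded section sign (possibly only in this rendering), and `RFC 6749 section 3.3` in ASCII would avoid it; TestCov_SpaceDelimited_UnmarshalJSON begins above the hunk, so its earlier subtests are not visible here.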