diff --git a/frappe/oauth.py b/frappe/oauth.py
index a074709a6c..5e170db5d2 100644
--- a/frappe/oauth.py
+++ b/frappe/oauth.py
@@ -253,9 +253,7 @@ class OAuthWebRequestValidator(RequestValidator):
 		# return its scopes, these will be passed on to the refreshed
 		# access token if the client did not specify a scope during the
 		# request.
-		obearer_token = frappe.get_doc(
-			"OAuth Bearer Token", {"refresh_token": refresh_token}, ignore_permissions=True
-		)
+		obearer_token = frappe.get_doc("OAuth Bearer Token", {"refresh_token": refresh_token})
 		return obearer_token.scopes
 
 	def revoke_token(self, token, token_type_hint, request, *args, **kwargs):
@@ -296,7 +294,6 @@ class OAuthWebRequestValidator(RequestValidator):
 		otoken = frappe.get_doc(
 			"OAuth Bearer Token",
 			{"refresh_token": refresh_token, "status": "Active"},
-			ignore_permissions=True,
 		)
 
 		if not otoken: