diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java
index aa9043611..741a4b27d 100644
--- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java
@@ -561,6 +561,12 @@ public static ServiceAccountCredentials fromStream(
             fileType, SERVICE_ACCOUNT_FILE_TYPE));
   }
 
+  /** Returns whether the scopes are empty, meaning createScoped must be called before use. */
+  @Override
+  public boolean createScopedRequired() {
+    return scopes.isEmpty();
+  }
+
   /**
    * Refreshes the OAuth2 access token by getting a new access token using a JSON Web Token (JWT).
    */
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
index 904093154..604f68c60 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
@@ -479,12 +479,12 @@ public void createdScoped_defaultScopes() throws IOException {
   }
 
   @Test
-  public void createScopedRequired_emptyScopes_false() throws IOException {
+  public void createScopedRequired_emptyScopes() throws IOException {
     GoogleCredentials credentials =
         ServiceAccountCredentials.fromPkcs8(
             CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID, EMPTY_SCOPES);
 
-    assertFalse(credentials.createScopedRequired());
+    assertTrue(credentials.createScopedRequired());
   }
 
   @Test