TokenGenerator._get_refresh_token doesn't leave the scope attribute on self.access_token alone if the request had no scope parameter (i.e. self.scope is None).
scope
OPTIONAL. The scope of the access request as described by
Section 3.3. The requested scope MUST NOT include any scope
not originally granted by the resource owner, and if omitted is
treated as equal to the scope originally granted by the
resource owner.
TokenGenerator._get_refresh_token
doesn't leave thescope
attribute onself.access_token
alone if the request had noscope
parameter (i.e.self.scope is None
).RFC 6749 says:
Fix to be attached shortly…