In the OAuth2 scheme, the method "refreshTokens" makes a POST request to the token server that looks something like the following. The second query parameter in that code uses "scopes" but the spec says it should be "scope", singular. I don't know about other OAuth2 servers but in this case I'm using Azure AD and I've verified that "scope" is what it expects and it works, "scopes" does not work.
In the OAuth2 scheme, the method "refreshTokens" makes a POST request to the token server that looks something like the following. The second query parameter in that code uses "scopes" but the spec says it should be "scope", singular. I don't know about other OAuth2 servers but in this case I'm using Azure AD and I've verified that "scope" is what it expects and it works, "scopes" does not work.