From e7077f19fde7680599ef0d599a715fddff6f92b2 Mon Sep 17 00:00:00 2001
From: William Denniss
Date: Fri, 21 Sep 2018 09:49:23 -0700
Subject: [PATCH] Remove `scope` from the token refresh request as it is redundant Scope is a valid parameter for the Refresh Token request (Sectiom 6 of RFC 6749), however it's optional and when ommitted is treated as equal to the scope originally granted by the resource owner. Since the indented behavior of this convenience method is to create a token refresh with the full scope, it's redundant to include. Related to b5870c0bc6f65cb4004d697722612cd4a1019ab8 but slightly different reason.
---
 Source/OIDAuthState.m | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Source/OIDAuthState.m b/Source/OIDAuthState.m
index 8b141a667..d084ef1fd 100644
--- a/Source/OIDAuthState.m
+++ b/Source/OIDAuthState.m
@@ -414,7 +414,7 @@ - (OIDTokenRequest *)tokenRefreshRequestWithAdditionalParameters:
 redirectURL:nil
 clientID:_lastAuthorizationResponse.request.clientID
 clientSecret:_lastAuthorizationResponse.request.clientSecret
- scope:_lastAuthorizationResponse.request.scope
+ scope:nil
 refreshToken:_refreshToken
 codeVerifier:nil
 additionalParameters:additionalParameters];
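Review bot: The new `scope:nil` argument reads exactly like the neighbouring `redirectURL:nil` and `codeVerifier:nil`, which are presumably nil only because they do not apply to a refresh grant, so nothing at the call site shows that the scope is left out on purpose. A comment directly above that line would keep a later edit from putting the requested scope back, for example `// Scope deliberately omitted: per RFC 6749 section 6 the server then applies the originally granted scope.` The method's header documentation should also say that the returned request carries no scope, and that a caller who wants a narrower token has to build its own OIDTokenRequest. Whether a `scope` key passed through `additionalParameters` is honoured cannot be seen from this hunk and is worth confirming and documenting. The method's signature continuation and its closing lines are outside the hunk.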