Add scope to "authorization" and "refresh token" requests

[lancerushing]

I have a need to send the scope during token refresh.

RFC says: https://tools.ietf.org/html/rfc6749#section-6

   scope
         OPTIONAL.  The scope of the access request as described by
         Section 3.3.  The requested scope MUST NOT include any scope
         not originally granted by the resource owner, and if omitted is
         treated as equal to the scope originally granted by the
         resource owner.

I will submit PR.

[dmitriyminer]

@lancerushing, please vote #322