Add Scope specifies optional requested permissions for tokenRefresher

[dmitriyminer]

Some OAuth providers require "scope" value with "refresh_token" grant type

Format the payload of your POST request with the following values:
Set grant_type to refresh_token.
Set refresh_token to the refresh token value returned from the authorization code grant request.
Set scope to the same URL-encoded list of scopes that you used in the original consent request.
https://developer.ebay.com/api-docs/static/oauth-refresh-token-request.html

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

[googlebot]

CLAs look good, thanks!

[gopherbot]

This PR (HEAD: 8ddd60c) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/135935 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Gerrit User 5976:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
Within the next week or so, a maintainer will review your change and provide
feedback. See https://golang.org/doc/contribute.html#review for more info and
tips to get your patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11, it means that this CL will be reviewed as part of the next development
cycle. See https://golang.org/s/release for more details.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gerrit User 26193:

Patch Set 1: Code-Review+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: 429a0e6) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/135935 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Brad Fitzpatrick:

Patch Set 2: Run-TryBot+1

Which provider(s)? Can you elaborate in the commit message?

Do any docs need updating?

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gobot Gobot:

Patch Set 2:

TryBots beginning. Status page: https://farmer.golang.org/try?commit=bff90cd8

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gobot Gobot:

Patch Set 2: TryBot-Result+1

TryBots are happy.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[dmitriyminer]

@bradfitz for example Ebay refresh token flow

[gopherbot]

This PR (HEAD: 3501dcb) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/135935 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Brad Fitzpatrick:

Patch Set 4: Run-TryBot+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gobot Gobot:

Patch Set 4:

TryBots beginning. Status page: https://farmer.golang.org/try?commit=529449ff

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gobot Gobot:

Patch Set 4: TryBot-Result+1

TryBots are happy.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: 3e182ca) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/135935 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Dave Dykstra:

Patch Set 5: Code-Review+1

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Dave Dykstra:

Patch Set 5:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[DrDaveD]

This PR very simply fixes a bug which prevents compliance with the Oauth 2.0 standard in RFC 6749 section 6 "Refreshing an Access Token" . Please merge this.

[gopherbot]

Message from Dave Dykstra:

Patch Set 5:

(2 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go Bot:

Patch Set 2:

TryBots beginning. Status page: https://farmer.golang.org/try?commit=bff90cd8

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go Bot:

Patch Set 2: TryBot-Result+1

TryBots are happy.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go Bot:

Patch Set 4:

TryBots beginning. Status page: https://farmer.golang.org/try?commit=529449ff

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go Bot:

Patch Set 4: TryBot-Result+1

TryBots are happy.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[lancerushing]

I submitted #448 , which is almost a duplicate of this (minor formatting difference).

RFC: https://tools.ietf.org/html/rfc6749#section-6

   scope
         OPTIONAL.  The scope of the access request as described by
         Section 3.3.  

This patch brings the go implementation within rfc6749 specification for sending refresh requests.

Go documentation should _not_ need to be changed.

Why it is useful: oauth2 allows the refresh request to specify a subset of the scopes available to the client. Allowing the client to receive an access token with less scopes. (intersection of the available scopes and the requested scopes). The new access token is "safer" to use because of limited permissions/scopes. https://www.oauth.com/oauth2-servers/access-tokens/refreshing-access-tokens/ has a good paragraph on it.

[google-cla]

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment @googlebot I fixed it.. If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

[gopherbot]

This PR (HEAD: 9059d14) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/135935 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

This PR (HEAD: 23290a8) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/135935 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Dave Dykstra:

Patch Set 7:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[niclasgeiger]

Are there any updates on this? This PR would actually resolve issues with refreshing tokens against Azure Active Directory we face right now.

[DrDaveD]

You might have a better chance if you commented on gerrit, although I tried it and it also didn't go anywhere.

[dmitriyminer]

Looks like we're stuck
@rsc @bradfitz can you help to revive this pull request?

[gopherbot]

This PR (HEAD: 83feb76) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/135935 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Vijay Thakorlal:

Patch Set 8:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[dmitriyminer]

@rsc @bradfitz
I'm kindly asking for your help in taking a look at this merge request. It has been left unaddressed and I believe that it adds a valuable fix.
Thank you

[gopherbot]

Message from Dmytro Tananayskiy:

Patch Set 8:

(2 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/135935.
After addressing review feedback, remember to publish your drafts!

[andig]

Kindly asking @rsc @bradfitz for a response