From 68d6d4e35ebc15e74d54cbe686a3c117f3513812 Mon Sep 17 00:00:00 2001
From: Dmytro Tananayskiy <dmitriyminer@gmail.com>
Date: Mon, 17 Sep 2018 20:52:27 +0300
Subject: [PATCH 1/2] Add Scope specifies optional requested permissions for
 tokenRefresher

Some OAuth providers require "scope" value with "refresh_token" grant type
---
 oauth2.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/oauth2.go b/oauth2.go
index 291df5c83..0658906cb 100644
--- a/oauth2.go
+++ b/oauth2.go
@@ -267,10 +267,16 @@ func (tf *tokenRefresher) Token() (*Token, error) {
 		return nil, errors.New("oauth2: token expired and refresh token is not set")
 	}
 
-	tk, err := retrieveToken(tf.ctx, tf.conf, url.Values{
+	v := url.Values{
 		"grant_type":    {"refresh_token"},
 		"refresh_token": {tf.refreshToken},
-	})
+	}
+
+	if len(tf.conf.Scopes) > 0 {
+		v.Set("scope", strings.Join(tf.conf.Scopes, " "))
+	}
+
+	tk, err := retrieveToken(tf.ctx, tf.conf, v)
 
 	if err != nil {
 		return nil, err

From 23290a81065a111c0271fee773471fcaa95a8b6c Mon Sep 17 00:00:00 2001
From: Dmytro Tananayskiy <dmitriyminer@gmail.com>
Date: Tue, 18 Sep 2018 13:21:43 +0300
Subject: [PATCH 2/2] Update test TestTokenRefreshRequest

---
 oauth2_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oauth2_test.go b/oauth2_test.go
index b7975e166..c278f93cd 100644
--- a/oauth2_test.go
+++ b/oauth2_test.go
@@ -440,7 +440,7 @@ func TestTokenRefreshRequest(t *testing.T) {
 			t.Errorf("Unexpected Content-Type header %q", headerContentType)
 		}
 		body, _ := ioutil.ReadAll(r.Body)
-		if string(body) != "grant_type=refresh_token&refresh_token=REFRESH_TOKEN" {
+		if string(body) != "grant_type=refresh_token&refresh_token=REFRESH_TOKEN&scope=scope1+scope2" {
 			t.Errorf("Unexpected refresh token payload %q", body)
 		}
 		w.Header().Set("Content-Type", "application/json")