Add scope to token refresh request

[lancerushing]

Fixes #447

[gopherbot]

This PR (HEAD: ff6afb7) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/264037 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Go Bot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://golang.org/doc/contribute.html#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/264037.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: cf02433) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/264037 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

This PR (HEAD: fa2a674) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/264037 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[andig]

I would be interested in this. The VW api needs the scopes during token refresh.

[zak905]

any updates about this ? It is actually quiet common to require scopes in the token refresh request

[zak905]

Microsoft for example requires scopes in the refresh response: https://docs.microsoft.com/en-us/graph/auth-v2-user?context=graph%2Fapi%2F1.0&view=graph-rest-1.0#5-use-the-refresh-token-to-get-a-new-access-token

@gopherbot

[gopherbot]

Message from zakaria amine:

Patch Set 3:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/264037.
After addressing review feedback, remember to publish your drafts!

[zak905]

actually, it seems like even if Microsoft mentions that scopes are required, the refresh request is successfull without scopes

[andig]

In relation to the proposal https://groups.google.com/g/golang-nuts/c/RJSNRbUvIPE/m/1qW_D6uMBAAJ I would propose a slightly different approach. Instead of adding additional options to the existing token refresh handling, I would prefer if a custom token refresher could be specified that allows fully tweaking the refresh, e.g. by adding the required headers needed for #483.

Didn't receive any feedback on groups though.

[zak905]

Thanks (Not sure about the expires_in, seems to work properly. Do you have any use case? ), I like your proposal concerning the TokenSource, why not even create a new TokenSource, something like ConfigurableTokenSource, instead of modifying the existing one. I think the best way to convince project maintainers is to submit a PR, they may not see the use case immediately

[andig]

Not sure there's much use in another PR. I've commented in the groups discussion, maybe it can spark some interest.

[vijaytdh]

There are at least 2 other PRs that have similarly had no response...
#621
#579