refresh_token and client_id

[jvanasco]

I've been updating my integration library for oauthlib against pyramid and discovered something through typing and various updates: OAuth2Session.refresh_token does not accept client_id, and does not utilize the existing ones - or utilize the new include_client_id if provided.

Can someone confirm that client_id is not required for this, and it's just a peculiarity of my test system due to all the APIs i've tested against requiring it?

Thank you.

See also:
* #554
* oauthlib/oauthlib#880

[pursual]

Refresh token seems broken. The docs say to include id and secret in the "extra" variable that gets passed to auto_refresh_kwargs.

But when the time comes for refresh, the code only looks for id and secret in the params of the current request() call? auto_refresh_kwargs is only used to add to the body. So the line that is trying to create the auth header is skipped.

           except TokenExpiredError:
                if self.auto_refresh_url:
                    log.debug(
                        "Auto refresh is set, attempting to refresh at %s.",
                        self.auto_refresh_url,
                    )

                    # We mustn't pass auth twice.
                    auth = kwargs.pop("auth", None)
                    if client_id and client_secret and (auth is None):  <----id and secret are none. They are in self.auto_refresh_kwargs
                        log.debug(
                            'Encoding client_id "%s" with client_secret as Basic auth credentials.',
                            client_id,
                        )
                        auth = requests.auth.HTTPBasicAuth(client_id, client_secret)
                    token = self.refresh_token(
                        self.auto_refresh_url, auth=auth, **kwargs
                    )