According to the documentation, when refreshing a access token in the oath 2.0 flow the parameter scope is required.
Is this a mistake in the documentation or maybe future proofing?
I have tested this locally and when I don't supply any scope when refreshing the access token I still just get a new access token with the original scope.
For our application it is easier to not have to keep track of the scopes after the initial step so I want to make sure that this does not cause any issues.