jumbojett · azmeuk · Nov 20, 2021 · Jul 7, 2020 · Jul 7, 2020 · Jul 7, 2020
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 * getRedirectURL() will not log a warning for PHP 7.1+ #179
 * it is now possible to disable upgrading from HTTP to HTTPS for development purposes by calling `setHttpUpgradeInsecureRequests(false)` #241
 * bugfix in getSessionKey when _SESSION key does not exist #251
+ Added scope parameter to refresh token request #255
 * bugfix in verifyJWTclaims when $accessToken is empty and $claims->at_hash is not #276
 * bugfix with the `empty` function in PHP 5.4 #267
 

diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
@@ -815,6 +815,7 @@ public function refreshToken($refresh_token) {
             'refresh_token' => $refresh_token,
             'client_id' => $this->clientID,
             'client_secret' => $this->clientSecret,
+            'scope'         => implode(' ', $this->scopes),
         );
 
         // Convert token params to string format