From cc6eb63dd83c4b13b2dcb7b522e5f495cc20e3f3 Mon Sep 17 00:00:00 2001
From: Andrew Millington
Date: Mon, 6 Nov 2017 21:23:52 +0000
Subject: [PATCH] Remove default scope from the Refresh Token Grant
---
 src/Grant/RefreshTokenGrant.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
index 4fda5974..d03b4edb 100644
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -44,7 +44,7 @@ class RefreshTokenGrant extends AbstractGrant
 // Validate request
 $client = $this->validateClient($request);
 $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
- $scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
+ $scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
 
 // If no new scopes are requested then give the access token the original session scopes
 if (count($scopes) === 0) {
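Review bot: The `count($scopes) === 0` fallback just below the changed line now relies on `validateScopes()` returning an empty array when the request carries no `scope`, and nothing in the hunk pins that down. If `getRequestParameter('scope', $request)` yields `null` and `validateScopes()` ever maps that to a default or non-empty list, a refreshed token could again carry scopes the original grant never had. A regression test would lock this in: refresh without a `scope` parameter while a default scope is configured, and assert the new access token carries exactly the old refresh token's scopes. I would also tighten the comment to `// No scope requested: reuse the scopes of the original grant, never the server default (RFC 6749 section 6)`. The branch that handles explicitly requested scopes lies outside the hunk, so whether it rejects scopes beyond the original grant cannot be confirmed from here.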