Migration should fail gracefully even on wrong RT

Author: rayluo

msal/application.py

@@ -284,7 +284,7 @@ def get_authorization_request_url(
             Can be one of "consumers" or "organizations" or your tenant domain "contoso.com".
             If included, it will skip the email-based discovery process that user goes
             through on the sign-in page, leading to a slightly more streamlined user experience.
-            More information on possible values 
+            More information on possible values
             `here <https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code>`_ and
             `here <https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-oapx/86fb452d-e34a-494e-ac61-e526e263b6d8>`_.
         :return: The authorization url as a string.
@@ -726,9 +726,10 @@ def acquire_token_by_refresh_token(self, refresh_token, scopes):
         """
         return self.client.obtain_token_by_refresh_token(
             refresh_token,
-            decorate_scope(scopes, self.client_id),
+            scope=decorate_scope(scopes, self.client_id),
             rt_getter=lambda rt: rt,
             on_updating_rt=False,
+            on_removing_rt=lambda rt_item: None,  # No OP
             )