@@ -593,11 +593,7 @@ async def get_access_token(
593593 if not audience :
594594 audience = auth_params .get ("audience" , None )
595595
596- merged_scope = self ._get_scope_to_request (
597- scope ,
598- auth_params .get ("scope" , None ),
599- audience or self .DEFAULT_AUDIENCE_STATE_KEY
600- )
596+ merged_scope = self ._merge_scope_with_defaults (scope , audience )
601597
602598 if state_data and hasattr (state_data , "dict" ) and callable (state_data .dict ):
603599 state_data_dict = state_data .dict ()
@@ -623,14 +619,14 @@ async def get_access_token(
623619
624620 # Get new token with refresh token
625621 try :
626- request_body = {"refresh_token" : state_data_dict ["refresh_token" ]}
622+ get_refresh_token_options = {"refresh_token" : state_data_dict ["refresh_token" ]}
627623 if audience :
628- request_body ["audience" ] = audience
624+ get_refresh_token_options ["audience" ] = audience
629625
630626 if merged_scope :
631- request_body ["scope" ] = merged_scope
627+ get_refresh_token_options ["scope" ] = merged_scope
632628
633- token_endpoint_response = await self .get_token_by_refresh_token (request_body )
629+ token_endpoint_response = await self .get_token_by_refresh_token (get_refresh_token_options )
634630
635631 # Update state data with new token
636632 existing_state_data = await self ._state_store .get (self ._state_identifier , store_options )
@@ -649,19 +645,24 @@ async def get_access_token(
649645 f"Failed to get token with refresh token: { str (e )}
650646 )
651647
652- def _get_scope_to_request (
648+ def _merge_scope_with_defaults (
653649 self ,
654- request_scopes : Optional [str ],
655- default_scopes : Optional [str ] | Optional [dict [str , str ]],
650+ request_scope : Optional [str ],
656651 audience : Optional [str ]
657652 ) -> Optional [str ]:
658- # For backwards compatibility, allow scope to be a single string
659- # or dictionary by audience for MRRT
660- if isinstance (default_scopes , dict ) and audience in default_scopes :
661- default_scopes = default_scopes [audience ]
653+ audience = audience or self .DEFAULT_AUDIENCE_STATE_KEY
654+ default_scopes = ""
655+ if self ._default_authorization_params and "scope" in self ._default_authorization_params :
656+ auth_param_scope = self ._default_authorization_params .get ("scope" )
657+ # For backwards compatibility, allow scope to be a single string
658+ # or dictionary by audience for MRRT
659+ if isinstance (auth_param_scope , dict ) and audience in auth_param_scope :
660+ default_scopes = auth_param_scope [audience ]
661+ else :
662+ default_scopes = auth_param_scope
662663
663664 default_scopes_list = (default_scopes or "" ).split ()
664- request_scopes_list = (request_scopes or "" ).split ()
665+ request_scopes_list = (request_scope or "" ).split ()
665666
666667 merged_scopes = default_scopes_list + [x for x in request_scopes_list if x not in default_scopes_list ]
667668 return " " .join (merged_scopes ) if merged_scopes else None
@@ -1196,12 +1197,14 @@ async def get_token_by_refresh_token(self, options: dict[str, Any]) -> dict[str,
11961197 if audience :
11971198 token_params ["audience" ] = audience
11981199
1199- # Add scope if present in options or the original authorization params
1200- scope = options .get ("scope" )
1201- if scope :
1202- token_params ["scope" ] = scope
1203- elif "scope" in self ._default_authorization_params :
1204- token_params ["scope" ] = self ._default_authorization_params ["scope" ]
1200+ # Merge scope if present in options with any in the original authorization params
1201+ merged_scope = self ._merge_scope_with_defaults (
1202+ request_scope = options .get ("scope" ),
1203+ audience = audience
1204+ )
1205+
1206+ if merged_scope :
1207+ token_params ["scope" ] = self .merged_scope
12051208
12061209 # Exchange the refresh token for an access token
12071210 async with httpx .AsyncClient () as client :
0 commit comments