why passing requests kwargs that may contain request params to refresh_token request ?

[ollofx]

https://github.com/requests/requests-oauthlib/commit/9188065809f0a783af4c6d83c4562e1be112114b

this is an issue, as it sends to the request_token url anything passed to a regular request and add it to the body of refresh_token

is there any justification ? what is sent to the regular end-point should not reach the refresh_token endpoint, only auto_refresh_kwargs should be used.

and why not using the client_id provided within the client, for instance for Legacy Application Flow

[jmoraleda]

I believe this the same as issue 3 in https://github.com/requests/requests-oauthlib/issues/264