From 1402e5341e2a1a42773c5a18fd71ae74b96b2d66 Mon Sep 17 00:00:00 2001
From: Cory Benfield <lukasaoz@gmail.com>
Date: Fri, 14 Oct 2016 11:17:30 +0100
Subject: [PATCH] Prefer user-supplied auth credentials.

---
 requests_oauthlib/oauth2_session.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/requests_oauthlib/oauth2_session.py b/requests_oauthlib/oauth2_session.py
index 7b1ebc8f..5c46c2d1 100644
--- a/requests_oauthlib/oauth2_session.py
+++ b/requests_oauthlib/oauth2_session.py
@@ -333,8 +333,10 @@ def request(self, method, url, data=None, headers=None, withhold_token=False,
                 if self.auto_refresh_url:
                     log.debug('Auto refresh is set, attempting to refresh at %s.',
                               self.auto_refresh_url)
-                    auth = None
-                    if client_id and client_secret:
+
+                    # We mustn't pass auth twice.
+                    auth = kwargs.pop('auth', None)
+                    if client_id and client_secret and (auth is None):
                         log.debug('Encoding client_id "%s" with client_secret as Basic auth credentials.', client_id)
                         auth = requests.auth.HTTPBasicAuth(client_id, client_secret)
                     token = self.refresh_token(