Client identifier is not required in RefreshAccessTokenRequest.

Will only be included in the request body for client authentication.
rohe · Apr 12, 2016 · 77f4859 · 77f4859
1 parent 361962d
commit 77f4859
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/oic/oauth2/message.py b/src/oic/oauth2/message.py
@@ -1003,8 +1003,8 @@ class RefreshAccessTokenRequest(Message):
     c_param = {
         "grant_type": SINGLE_REQUIRED_STRING,
         "refresh_token": SINGLE_REQUIRED_STRING,
-        "client_id": SINGLE_REQUIRED_STRING,
         "scope": OPTIONAL_LIST_OF_SP_SEP_STRINGS,
+        "client_id": SINGLE_OPTIONAL_STRING,
         "client_secret": SINGLE_OPTIONAL_STRING
     }
     c_default = {"grant_type": "refresh_token"}