V5 requires client-id with auth token?

Since some api requests require certain scopes, sending an oauth token for those is required, and “just send a client ID every time” is redundant, as then both the client ID and the token would identify the same account (or what would happen if they were for different accounts?). Also, as LiraNuma said, DallasNChains explicitly said that we do not need to send a Client-ID if we already send an oauth token:

If you are passing in an OAuth token, we will figure out the Client-ID for you.

So to me this does look like a bug.