I am working on an implementation of spring-authorization-server and want to add support for the offline_access scope as described in the openid-connect rfc. When the offline_access scope is requested, then a refresh_token is issued.
Currently the spring-authorization-server project issues a refresh token when a RegisteredClient contains AuthorizationGrantType.REFRESH_TOKEN. I would like to change this behavior so that the client must request the offline_access scope in order for a refresh token to be issued.
What is the best way to add support for this? Initially, I copied all of the code from OAuth2AuthorizationCodeAuthenticationProvider into my own custom implementation and edited the conditional statement that determines whether or not a refresh token should be issued. However, I would like to avoid copying and overriding this for maintainability reasons.