RFC 7523: Support refresh token for specified client

[eonie]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Cloud project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe your problem

In some scenarios，i need to get access token without a direct user-approval step at the Hydra server. For example , i want to integrate my existing application for user login and virify access token through Hydra. In the same time, i want to support Github Oauth2 for user who want to use.
So, I'm going to use the RFC7523 to get the access token when user passed the Github authentication。
Now the RFC7523 grant type only return bearer access token like this

{
    "access_token": "TIauaolbD9nUdAzLnpsLt9ljrxYhr0IbckRJMcFwkDU.NDGVZNOYD9XylETIi5uC5ZRdHcZGQ8vKM6qCKsDyXCE",
    "expires_in": 3599,
    "scope": "openid offline",
    "token_type": "bearer"
}

After the token expired, user will need to get a new access token.

Describe your ideal solution

Based on the above description，i hope Hydra could return refresh token for client which has grant type refresh_token, and then the application could get a new access token by the refresh_token.

Workarounds or alternatives

None

Version

1.11.10

Additional Context

No response

[vinckr]

Hello @eonie
Sorry for the late response, have you found a solution in the meantime?

For integrating "Login with github" I would recommend using Ory Kratos, that implements all self-service user flows like signup, login etc. and also integrates nicely with OIDC compliant servers, e.g. Github https://www.ory.sh/docs/kratos/social-signin/github as well as Ory Hydra and solves your issue.

I will mark the discussion as answered now, but feel free to come back to this discussion at any time!