Refresh token is not read if expires_in or expires_at is not present #143

@fabioxgn

I'm implementing a custom strategy for one provider I need to integrate with, and they do not return the expiration of the token. I know that this is a bad practice, but it's their implementation. They do return a refresh_token so I can update the token if I want, but because of this code, the refresh_token is only read if the expiration is set:

```ruby
hash["refresh_token"] = access_token.refresh_token if access_token.expires? && access_token.refresh_token
```

I was reading the OAuth RFC, and noticed that the expiration is recommended, but not required: https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2

I can send a patch to change this, but I'm wondering if this might break something or if I should add an option for this behavior. Any advice?

For now, I did a hack on my strategy to set the expiration to an arbitrary value and it solved the issue for me:

```ruby
option :auth_token_params, { expires_at: 100.years.from_now }
```
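The behaviour described in this issue, as an added example that is not part of the original post or the project's code: it compares the quoted condition with an ungated read of the refresh token, and shows what a downstream consumer can infer in each case. `StubToken`, `credentials`, `refresh_strategy`, the `gated:` keyword, the `"expires"`/`"expires_at"` keys and all sample values are assumptions made for the illustration.

```ruby
# Added illustration. StubToken is a hypothetical stand-in exposing only the
# methods the quoted line calls; it is not the library's token class.
StubToken = Struct.new(:token, :refresh_token, :expires_at) do
  def expires?
    !expires_at.nil? # assumption: "expires" means an expiration was supplied
  end
end

# Builds a credentials hash. gated: true reproduces the condition quoted in the
# issue; gated: false reads refresh_token whenever the provider sent one.
# The "expires"/"expires_at" keys are assumed here for illustration.
def credentials(access_token, gated:)
  hash = { "token" => access_token.token }
  readable = gated ? access_token.expires? : true
  hash["refresh_token"] = access_token.refresh_token if readable && access_token.refresh_token
  hash["expires_at"] = access_token.expires_at if access_token.expires?
  hash["expires"] = access_token.expires?
  hash
end

# Hypothetical consumer policy: how can this credential be kept fresh?
def refresh_strategy(creds)
  return :cannot_refresh unless creds["refresh_token"]
  creds["expires"] ? :refresh_before_expires_at : :refresh_on_rejection
end

# Constructed sample values, not real provider data.
NOW = 1_700_000_000
HUNDRED_YEARS = 100 * 365 * 24 * 3600 # plain-Ruby stand-in for 100.years.from_now
SAMPLES = {
  "expiry sent"      => StubToken.new("at-1", "rt-1", NOW + 3600),
  "no expiry"        => StubToken.new("at-2", "rt-2", nil),
  "no expiry + hack" => StubToken.new("at-2", "rt-2", NOW + HUNDRED_YEARS)
}.freeze

SAMPLES.each do |label, tok|
  [true, false].each do |gated|
    creds = credentials(tok, gated: gated)
    puts format("%-17s gated=%-5s refresh_token=%-5s strategy=%s",
                label, gated, creds["refresh_token"].inspect, refresh_strategy(creds))
  end
end
```

With the arbitrary far-future expiration the refresh token is recovered, but the credential then advertises an `expires_at` a century away, so a scheduler keyed on that value would never rotate the access token; the ungated read keeps the lifetime marked as unknown instead.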
