which then causes logins with duration of more than 60m to time out and
not be able to refresh as of the missing refresh token. The "offline"
access type should ensure the token always contains a refresh token and
the user can be active for longer than 60m.
Signed-off-by: Knut Ahlers <knut@ahlers.me>