We would like to capture the following events from direct access grant flow:
1. user login with username and password
2. access token refresh with a regular refresh token (when user is actively working in the system)
3. access token refresh with an offline token (when user comes back to the system after days of inactivity)
Right now our flow is just #1 and #3; we always use the offline token to get a new access token. But with this, we don’t have a clear idea whether a user is coming back to the system after a month or it is just a regular refresh after 5 minutes of access token expiry time.
Our ideal flow would be to do the initial login with offline_access scope, then immediately exchange the offline token for a regular refresh token which would be used when the user is actually live on the system. The offline token would be used for refresh only after the regular refresh token expires.
I could not find any way to exchange the offline token for a shorter-lived refresh token through the direct grant API. Is it possible?