Red Hat build of Keycloak: RHBK-1940

[GHI#30857] Check for being Offline type in refresh token flow must be done based on refresh token request parameter


      Before reporting an issue

      [X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      oidc

      Describe the bug

      Based on "Refreshing an Access Token" (RFC 6749, Section 6):

      > The authorization server MAY issue a new refresh token, in which case
      > the client MUST discard the old refresh token and replace it with the
      > new refresh token. The authorization server MAY revoke the old
      > refresh token after issuing a new refresh token to the client.

      In Keycloak you can avoid returning a refresh token in the refresh token flow by using the SuppressRefreshTokenRotationExecutor policy executor.
      Another way is, after getting a refresh token, to disable the 'Use refresh tokens' client parameter.

      The user gets a refresh token for a client with 'Use refresh tokens' enabled, including the offline_access scope. This is an offline type refresh token.
      The user performs the refresh token flow. A new access token is returned without a new refresh token.

      This PR added a check for being offline type based on the returned refresh token (if it exists).
      As you can see from the scenario above, this can cause an offline refresh flow to be characterized as not offline.
      This leads, in RefreshTokenGrantType line 85, to an attempt to update the user session for an offline user session.

      For regular cases, although no error is thrown, I do not know what happens during the offline user session update.
      Most importantly, this scenario will not work across a Keycloak restart (or upgrade). After a restart, if you try to execute the refresh token flow with a refresh token produced before the restart, a NullPointerException will be thrown. As you know, an offline refresh token survives a restart.

      The check for the refresh token being offline type must be done based on the refresh token request parameter.
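      The two ways of deciding offline-ness side by side, as an added example that is not part of this issue or of Keycloak's code: the tokens are constructed, unsigned JWTs (the real server verifies the signature first), the helper names are assumptions, and only the typ values "Offline" and "Refresh" follow Keycloak's refresh token types.

```python
import base64
import json

# Refresh token type values as Keycloak puts them in the "typ" claim.
TOKEN_TYPE_OFFLINE = "Offline"
TOKEN_TYPE_REFRESH = "Refresh"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    # Constructed, unsigned JWT used only to carry a "typ" claim for this example.
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def token_type(token: str) -> str:
    # Read the "typ" claim from the payload segment (no signature check here).
    payload_b64 = token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)
    return json.loads(base64.urlsafe_b64decode(payload_b64))["typ"]


def is_offline_from_response(request_refresh_token: str, response_refresh_token):
    # Reproduces the reported defect: the decision is taken from the token in the
    # response. With rotation suppressed there is none, so an offline flow is
    # classified as online and the wrong session store gets updated.
    if response_refresh_token is None:
        return False
    return token_type(response_refresh_token) == TOKEN_TYPE_OFFLINE


def is_offline_from_request(request_refresh_token: str, response_refresh_token=None):
    # The behaviour the issue asks for: the token the client presented decides,
    # independent of whether a new refresh token is issued.
    return token_type(request_refresh_token) == TOKEN_TYPE_OFFLINE


def session_store_to_update(is_offline: bool) -> str:
    # Offline sessions are persisted and survive a restart; online ones are not.
    return "offline-user-session" if is_offline else "user-session"
```

With rotation suppressed, the response-based check sends an offline refresh to the online session store, which is exactly the session that no longer exists after a restart.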

      Version

      25.0.1

      Regression

      [X] The issue is a regression

      Expected behavior

      • In the scenario mentioned, the user session must not be refreshed in the refresh token flow.
      • The offline refresh token flow must always work with an offline refresh token produced before a Keycloak restart.

      Actual behavior

      • In the scenario mentioned, the user session is refreshed in the refresh token flow.
      • The offline refresh token flow with an offline refresh token produced before a Keycloak restart returns a NullPointerException.

      How to Reproduce?

      • Create a client with the 'Use refresh tokens' parameter enabled.
      • Use the SuppressRefreshTokenRotationExecutor policy executor for this client.
      • The user gets a refresh token for this client including the offline_access scope. This is an offline type refresh token.
      • Restart Keycloak.
      • Execute the refresh token flow with the refresh token produced before the restart.

      Anything else?

      No response

            Assignee: Unassigned
            Reporter: pvlha (Pavel Vlha)
            Component: Keycloak Core Clients