Store refresh_token in extra_data

Description

I'm converting one of our applications from OIDC to the OAuth2/JWT SSO backend, and encountered a regression.

During the SSO process, a unique `access_token` for each user gets saved in the `user_social_auths` `extra_data` field. However, that access token expires after one hour. With the OIDC provider, if the application wanted to get a new access token for the user in question, it could do so using the `refresh_token`, which was also stored in `extra_data`. (Or another option would be to start the SSO process over again, but that's slow, interrupts the user, and doesn't work in non-interactive contexts like backend celery workers.)

However, the OAuth2/JWT backend was not storing the `refresh_token` in `extra_data`. This PR fixes that, so that the refresh token will be stored.

Now, when using the OAuth2/JWT backend, the `refresh_token` will be saved, and applications can get a new `access_token` for the user after the initial one expires, with e.g.

```python
new_token_data = requests.post(f'{openedx_lms_url}/oauth2/access_token', data={
'client_id': settings.SOCIAL_AUTH_EDX_OAUTH2_KEY,
'client_secret': settings.SOCIAL_AUTH_EDX_OAUTH2_SECRET,
'grant_type': 'refresh_token',
'refresh_token': user_social_auth.extra_data['refresh_token'],
}).json()
user_access_token = new_token_data['access_token']
```
However, some care must be taken as the new access token obtained that way will be a "regular" OAuth2 access token instead of a JWT.

Status

Assignee

Unassigned

Reporter

Open Source Pull Request Bot

Labels

Contributor Name

Braden MacDonald

Repo

edx/auth-backends

Customer

Epic Link

None

OSCM Assignee

None

Priority

Unset
Configure