Doorkeeper.config.calculate_grant_flows does not list refresh_token if refresh tokens are enabled #1734

Open
ThisIsMissEm opened this issue Oct 2, 2024 · 3 comments

@ThisIsMissEm
Contributor

Steps to reproduce

When using Doorkeeper with refresh tokens enabled, the grant flows returned from calculate_grant_flows do not list refresh_token despite this being a valid grant flow. The deprecated calculate_token_grant_types method did add refresh_token to the list of configured grant flows.

Without this, code for getting the full list of grant flows supported, such that you can support RFC 8414, is required to be:

  def grant_types_supported
    grant_types_supported = Doorkeeper.configuration.grant_flows.dup
    grant_types_supported << 'refresh_token' if Doorkeeper.configuration.refresh_token_enabled?
    grant_types_supported
  end

Expected behavior

Doorkeeper should expose all configured grant flows via a method, including the refresh_token grant flow

Actual behavior

Doorkeeper does not expose the refresh_token grant flow if refresh tokens are enabled.

System configuration

Doorkeeper initializer:

# config/initializers/doorkeeper.rb
Doorkeeper.configure do
  use_refresh_token
end

Ruby version: 3.3.5

Gemfile.lock: n/a - Doorkeeper @ 5.7.1

@ThisIsMissEm
Contributor Author

I did just notice that we have the following in mastodon:

Doorkeeper.configure do
  # ...
  grant_flows %w(authorization_code client_credentials)
  # ...
end

I guess arguably we should add refresh_token into that, however, perhaps the use_refresh_tokens should warn or error if the refresh token grant flow isn't enabled?

@ThisIsMissEm
Contributor Author

I have just found token_grant_flows, which does do the same logic as above, but if you have grant_flows containing refresh_token then the refresh token flow is listed twice (not sure if this would cause problems), so it should probably be made unique.
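
An added example, not part of the issue thread and not Doorkeeper's own code: one way to build the RFC 8414 `grant_types_supported` list so that `refresh_token` appears exactly once, while flagging the configuration mismatch raised in the second comment. `StubConfig` and `advertised_grant_types` are hypothetical names; the stub stands in for the `grant_flows` and `refresh_token_enabled?` readers quoted in the issue.

```ruby
# Hypothetical stand-in for the two configuration readers quoted in the issue,
# so the example runs without loading Doorkeeper.
StubConfig = Struct.new(:grant_flows, :refresh_enabled) do
  def refresh_token_enabled?
    refresh_enabled
  end
end

REFRESH_GRANT = 'refresh_token'

# Returns [grant_types, warnings] for an RFC 8414 metadata document.
# grant_types: configured flows plus refresh_token when refresh tokens are
#   enabled, de-duplicated, original order preserved.
# warnings: notes where the two settings disagree.
def advertised_grant_types(config)
  flows = config.grant_flows.map(&:to_s)
  warnings = []

  if config.refresh_token_enabled?
    unless flows.include?(REFRESH_GRANT)
      warnings << 'refresh tokens are enabled but refresh_token is not in grant_flows'
    end
    flows += [REFRESH_GRANT]
  end

  # uniq covers the case where grant_flows already lists refresh_token.
  [flows.uniq, warnings]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed configurations mirroring the cases discussed in the thread.
  cases = {
    'enabled, not listed' => StubConfig.new(%w[authorization_code client_credentials], true),
    'enabled and listed'  => StubConfig.new(%w[authorization_code refresh_token], true),
    'disabled'            => StubConfig.new(%w[authorization_code], false)
  }
  cases.each do |label, cfg|
    types, warnings = advertised_grant_types(cfg)
    puts "#{label}: #{types.inspect} #{warnings.inspect}"
  end
end
```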
