Remove refresh_token from OAuth2 result. Return the same access_token as a refresh_token in case when it's requested. Make access_tokens to live forever.

api/components/Tokens/TokensFactory.php

@@ -68,7 +68,7 @@ class TokensFactory extends Component {
      * @return string
      */
     private function prepareScopes(array $scopes): string {
-        return implode(',', array_map(function($scope): string {
+        return implode(',', array_map(function($scope): string { // TODO: replace to the space if it's possible
             if ($scope instanceof ScopeEntityInterface) {
                 return $scope->getIdentifier();
             }