Google OAuth: refresh_token discarded after first refresh

[re322]

Refreshing token for second time fails when using \yii\authclient\clients\Google.

What steps will reproduce the problem?

1. Authenticate with google asking for offline (persistent) access. This will require following parameters in URL: $client->buildAuthUrl(['access_type' => 'offline', 'prompt' => 'consent']);
2. Wait for token to expire (alternatively edit the state storage directly, changing createTimestamp from 16… to 10…)
3. Use the client (authclient will refresh token automatically)
4. Repeat step 2
5. Use the client again (it will try to refresh the token and fail)

What's expected?

A token being refreshed successfully every time.

What do you get instead?

After step 3: refresh_token isn't kept in state storage
After step 5: token refreshing fails.

Additional info

Replacing

$token = $this->createToken(['params' => $response]);

with

$token = $this->createToken(['params' => array_merge($token->getParams(), $response)]);

in \yii\authclient\OAuth2::refreshAccessToken (by overriding it in subclass or directly) seem to solve the issue.

I am not sure if this is Google not following OAuth2 spec, but other clients seem to provide new refresh_token while google does not provides new refresh_token and refreshing works with same refresh_token.

I am using a persistent StateStorageInterface implementation to store user's data in database.

Q	A
Yii version	dev-master 2a45591
Yii Auth Client version	2.2.10
Yii HTTP Client version	dev-master 18413a6
PHP version	7.4.6
Operating system	Windows 7 SP1

[samdark]

Interesting. Do you have time for a pull request?