the refresh tokens which are currently issued by Keycloak contain standard
JWT claims and references to the Keycloak session. Additionally they also
contain realm roles and client role information together with the used
I'm wondering whether roles and scope information is required for refresh
tokens or could even be removed?