Hi,
I have created a client with 'confidential' Access Type for a microservice
which has to connect to another Keycloak-secured microservice. I enabled
"Service Accounts Enabled" option, which "[...] in terms of OAuth2
specification, enables support of Client Credentials Grant for client".
Everything seemed to be OK, until I saw a huge number of sessions for that
client. It turned out that the token endpoint returns a refresh token.
A request interceptor I use in my microservice application just ignores the
refresh token and uses client credentials to obtain the new one - which
creates a new session every time a new access token is issued.
The OAuth2 specification (https://tools.ietf.org/html/rfc6749#section-4.4.2)
says that "A refresh token SHOULD NOT be included" for the client_credentials
grant type. So why is it included? Is the presence of refresh token
configurable for 'confidential' Access Type and client_credentials grant?
Best regards,
Sebastian
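The token exchange described in the post, as an added example that is not part of the original message or of Keycloak's own code: a small client-credentials token source that performs the grant, drops any refresh_token the server returns, and caches the access token until shortly before `expires_in` elapses, so the token endpoint (and therefore the session-creating grant) is hit only when a fresh token is actually needed rather than on every outgoing request. The token endpoint URL, client name and secret are placeholders, and the `make_fake_keycloak_post` helper is a constructed stand-in for the real endpoint so the script runs offline; the Keycloak-style response shape it returns (including the unwanted refresh_token) is an assumption for illustration.

```python
"""Client-credentials token source that ignores the refresh token and
caches the access token until it is about to expire (added example)."""
import json
import time
import urllib.parse
import urllib.request


def default_post(url, form, timeout=10):
    """POST an x-www-form-urlencoded body and return the parsed JSON reply."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


class ClientCredentialsTokenSource:
    """Obtains access tokens via the client_credentials grant.

    The refresh token is never stored: RFC 6749 section 4.4.3 says it SHOULD
    NOT be issued for this grant, and a confidential client can simply
    re-authenticate with its own credentials when the token expires.
    """

    def __init__(self, token_endpoint, client_id, client_secret,
                 post=default_post, clock=time.monotonic, skew=30):
        self.token_endpoint = token_endpoint
        self.client_id = client_id
        self.client_secret = client_secret
        self._post = post        # injectable so the example runs offline
        self._clock = clock      # injectable so expiry can be simulated
        self.skew = skew         # refresh this many seconds before expiry
        self._token = None
        self._expires_at = 0.0
        self.fetches = 0         # how many times the endpoint was called

    def _fetch(self):
        body = self._post(self.token_endpoint, {
            "grant_type": "client_credentials",
            "client_id": self.client_id,
            "client_secret": self.client_secret,
        })
        if "access_token" not in body:
            raise RuntimeError("token endpoint error: %r" % (body,))
        self.fetches += 1
        # Only the access token and its lifetime are kept; a refresh_token
        # field, if present, is deliberately discarded here.
        self._token = body["access_token"]
        lifetime = int(body.get("expires_in", 0))
        self._expires_at = self._clock() + lifetime - self.skew
        return self._token

    def access_token(self):
        """Return a cached token, fetching a new one only when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            return self._fetch()
        return self._token


def make_fake_keycloak_post(expires_in=300):
    """Constructed stand-in for the token endpoint (no network). Each call
    returns a fresh Keycloak-shaped response that also carries a
    refresh_token, mirroring the behaviour described in the post."""
    calls = []

    def post(url, form, timeout=10):
        assert form["grant_type"] == "client_credentials"
        calls.append(dict(form))
        n = len(calls)
        return {
            "access_token": "at-%d" % n,
            "expires_in": expires_in,
            "refresh_expires_in": 1800,
            "refresh_token": "rt-%d" % n,   # unwanted for this grant
            "token_type": "bearer",
        }

    post.calls = calls
    return post


class FakeClock:
    """Simulated monotonic clock so token expiry can be driven by the test."""
    def __init__(self, start=1000.0):
        self.now = start

    def __call__(self):
        return self.now


def demo(requests_made=100, seconds_between=5, expires_in=300):
    """Simulate an interceptor issuing `requests_made` outgoing calls, one
    every `seconds_between` seconds. Returns (endpoint fetches, requests)."""
    clock = FakeClock()
    post = make_fake_keycloak_post(expires_in=expires_in)
    src = ClientCredentialsTokenSource(
        # Placeholder URL; the path shape is an assumption for illustration.
        "https://sso.example.test/realms/demo/protocol/openid-connect/token",
        "svc-client", "svc-secret", post=post, clock=clock)
    for _ in range(requests_made):
        token = src.access_token()
        assert token.startswith("at-") and "rt-" not in vars(src).values()
        clock.now += seconds_between
    return src.fetches, requests_made


if __name__ == "__main__":
    print("token endpoint calls / outgoing requests: %d / %d" % demo())
```

With a 300 s token lifetime and a 30 s skew, 100 outgoing requests spread over 500 s cost two calls to the token endpoint instead of one hundred; against a real server, drop the `post` and `clock` arguments so `default_post` and `time.monotonic` are used.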