Sorry to step in, but could you please explain the use case or the reasoning for offline tokens on service accounts? If I have understood it correctly you'll still need clientId and secret to generate the access token from the offline token. Why not just use them to login whenever necessary? Thanks!

Best regards,

Thomas