To do: Set $wgOAuth2RefreshTokenTTL in the OAuth extension on production Meta-Wiki to 365 days
By default, the $wgOAuth2RefreshTokenTTL is only one minute. This hasn't been a problem previously, because our access tokens were effectively infinite (see T265075).
Since we've brought the access token expiry down to human scale (hours, not billions of years), we need the refresh token to work, too.
When the refresh token expires, the user will have to go through authorisation again. So, we should choose a refresh time to be how long we want a user to go without logging in again.
Our Web interface lets you set a "remember me" cookie "for up to 365 days", so that is probably a good default here. We can adjust as needed in the future.