Reputation: 11
To integrate google-calendar in my backend I need the end-user refresh token from Google.
The need is to reuse this refresh_token to push data into the end-user calendar when I get events in my system. So the request to push the event does not come from the user itself. (Maybe I'm doing it wrong.)
Once my authorization from Keycloak is done, I can see the refresh token in the federated_identity table in the Keycloak database.
But when I get a token from the exchange_token flow, all I get is an access token. Here is my request:
    const token = await this.oidcIssuer.client.grant({
      grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
      subject_token: subjectToken,
      requested_issuer: 'google',
    });
---
    {
      access_token: '{token}',
      expires_at: 1733331276,
      refresh_expires_in: 0,
      token_type: 'Bearer',
      'not-before-policy': 0,
      scope: 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid',
      issued_token_type: 'urn:ietf:params:oauth:token-type:access_token',
      'account-link-url': '{authUrl}/broker/google/link?nonce={nonce}'
    }
I've already tried requested_token_type=urn:ietf:params:oauth:token-type:refresh_token, but I got this error: invalid_target (response_token_type_unsupported), and all I see in the Keycloak logs is:
2024-12-04 15:58:32,454 WARN [org.keycloak.events] (executor-thread-52) type="TOKEN_EXCHANGE_ERROR", realmId="5c2574da-3056-4d38-949f-7cd9d9596ad9", realmName="boseat", clientId="", userId="null", ipAddress="172.20.0.3", error="invalid_request", reason="requested_token_type unsupported", auth_method="token_exchange", grant_type="urn:ietf:params:oauth:grant-type:token-exchange", requested_issuer="google", client_auth_method="client-secret"
I would like to know if there is a way to get a JWT with a refresh_token field. If not, does someone know a workaround?
Upvotes: 1
Views: 26
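
The following is an added example, not part of the original post: it parses Keycloak event lines in the format quoted above into key/value fields and counts failed token exchanges by requested issuer, error and reason. The function names and the second sample line are constructed for illustration.

```javascript
// Added example (not from the post): parse Keycloak event log lines.
// SAMPLE_LINES[0] is the log line quoted in the post; SAMPLE_LINES[1] is constructed.
const SAMPLE_LINES = [
  '2024-12-04 15:58:32,454 WARN [org.keycloak.events] (executor-thread-52) type="TOKEN_EXCHANGE_ERROR", realmId="5c2574da-3056-4d38-949f-7cd9d9596ad9", realmName="boseat", clientId="", userId="null", ipAddress="172.20.0.3", error="invalid_request", reason="requested_token_type unsupported", auth_method="token_exchange", grant_type="urn:ietf:params:oauth:grant-type:token-exchange", requested_issuer="google", client_auth_method="client-secret"',
  '2024-12-04 15:59:01,120 WARN [org.keycloak.events] (executor-thread-53) type="LOGIN_ERROR", realmName="boseat", error="user_not_found"',
];

// timestamp, level, [logger], (thread), then the key="value" event details
const LINE_RE = /^(\S+ \S+)\s+(\w+)\s+\[([^\]]+)\]\s+\(([^)]+)\)\s+(.*)$/;

// Hypothetical helper: returns null for lines that are not in this layout.
function parseEventLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  const [, timestamp, level, logger, thread, rest] = m;
  const fields = {};
  // Values may be empty (clientId="") or contain spaces (reason="...").
  for (const kv of rest.matchAll(/([\w-]+)="((?:[^"\\]|\\.)*)"/g)) {
    fields[kv[1]] = kv[2];
  }
  return { timestamp, level, logger, thread, fields };
}

// Hypothetical helper: one row per (issuer, error, reason), most frequent first.
function summarizeExchangeErrors(lines) {
  const rows = new Map();
  for (const line of lines) {
    const ev = parseEventLine(line);
    if (!ev || ev.logger !== 'org.keycloak.events') continue;
    if (ev.fields.type !== 'TOKEN_EXCHANGE_ERROR') continue;
    const issuer = ev.fields.requested_issuer || '(internal)';
    const { error, reason } = ev.fields;
    const key = JSON.stringify([issuer, error, reason]);
    const row = rows.get(key) || { issuer, error, reason, count: 0 };
    row.count += 1;
    rows.set(key, row);
  }
  return [...rows.values()].sort((a, b) => b.count - a.count);
}

console.log(summarizeExchangeErrors(SAMPLE_LINES));
```

The `error` value in the event line (`invalid_request`) is the server-side code, which in the post differs from the code the client received (`invalid_target`), so match on the log field when correlating.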