Refresh GitLab tokens after they expire (migration phase 2)

Refresh GitLab tokens after they expire

Part of #2838 (closed) which tracks GitLab 15.0 changes which includes all OAuth tokens getting expiry dates (previously never expired).

Dev notes

• https://docs.gitlab.com/14.10/ee/api/oauth2.html#authorization-code-flow

passport-oauth2

• http://www.passportjs.org/packages/passport-oauth2/
• https://github.com/ciaranj/node-oauth/blob/a7f8a1e21c362eb4ed2039431fb9ac2ae749f26a/lib/oauth2.js#L193-L209
• https://github.com/jaredhanson/passport-oauth2/blob/ee3fe9f17c0f3a90f2d9d938f267e9942b9fba49/lib/strategy.js#L176-L196
• https://github.com/jaredhanson/passport-oauth2/issues/77

There is a library to access token refreshes, passport-oauth2-refresh but I don't think we need it. We just need to do one API request and there is a lot more fluff in that library.

Todo

• Write migration script to run over the GitLab identities and migrate the identity.accessTokenSecret field (which we stored the refreshToken in for some reason previously) to identity.refreshToken
  • -> !2284 (merged)
• Merge minimal app code to write to the correct field and run migration script before these bigger app changes
  • -> !2284 (merged)
  • Shipped in Gitter 21.49.0
  • Migration ran against production, !2284 (comment 950739022)