This is a situation that we are already tracking; at this time, if you need the refresh token exchange to also return an ID token then you need to do one of the following actions:
- in the Dashboard go to client application advanced settings, select the OAuth section and enable the OIDC Conformant toggle.
- in the original request to the authorize endpoint include an audience parameter; for example, you can make the request with an audience set to
https://[your_account].auth0.com/userinfo
.
Have in mind that both of the above options will imply that requests from your client application will strictly follow the OpenID Connect specification. This may mean some breaking changes so do check the reference documentation.