When we use a Social connection and the offline_access scope for Azure AD, Auth0 stores the Azure AD refresh_token and access_token in the identities object of the user.
But when we use an OpenID Connect enterprise connection and the offline_access scope for the same Azure AD application, Auth0 doesn’t store the Azure AD refresh_token and access_token in the identities object of the user.
Is this expected behavior? Is there no way to get the Azure AD refresh_token and access_token when using OpenID Connect?
Unfortunately, Enterprise OpenID connections don’t currently support IDP access_tokens or refresh_tokens; however, I confirmed that this is on the product roadmap and could be released as early as April 2023.