The token endpoint response includes a scope value that represents the requested scopes minus the offline_access one, so one possible explanation is that you have a rule to restrict the issued scopes and that rule restricts the scopes being issued to not include the offline access one. I just updated a sample rule on a previous question to include a note about handling offline access when restricting scopes in rules, so if you’re in that situation you may want to look at the linked question; keep in mind that the example rule in the linked question makes some assumptions, so it should only be used if you consider it applicable to your scenario as well.
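
A sketch of a scope-restricting rule that keeps offline_access when the client requested it, added here as an illustration; it is not the rule from the linked question. It assumes the Auth0 rule signature `(user, context, callback)`, that the requested scopes arrive in `context.request.query.scope` or `context.request.body.scope`, and that assigning an array to `context.accessToken.scope` overrides the issued scopes; `ALLOWED_SCOPES`, `restrictScopes` and `restrictScopesRule` are hypothetical names.

```javascript
// Hypothetical allow-list for this example; replace with the API's real scopes.
const ALLOWED_SCOPES = ['openid', 'profile', 'read:items'];

// Filter the requested scopes against the allow-list, but carry
// offline_access through when the client asked for it, so that the
// restriction does not strip it as a side effect.
function restrictScopes(requested, allowed) {
  const asked = String(requested || '').split(/\s+/).filter(Boolean);
  const granted = [];
  for (const scope of asked) {
    const keep = allowed.includes(scope) || scope === 'offline_access';
    if (keep && !granted.includes(scope)) {
      granted.push(scope); // de-duplicated, original order preserved
    }
  }
  return granted;
}

// Rule wrapper (assumed Auth0 rule shape, see the lead-in).
function restrictScopesRule(user, context, callback) {
  const req = context.request || {};
  const requested =
    (req.query && req.query.scope) || (req.body && req.body.scope) || '';
  context.accessToken = context.accessToken || {};
  context.accessToken.scope = restrictScopes(requested, ALLOWED_SCOPES);
  callback(null, user, context);
}
```

Scopes outside the allow-list are still dropped; only offline_access is exempt from the filter, and only when it was part of the request.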