@marco.ancona * If you use Passwordless authentication through the hosted login page then refresh tokens should be available I believe. if you are using Rules within your application, it’s possible that these may give rise to obscure problems relating to Refresh Token exchanges. Where you able to implement your solution?