I am trying to implement the Resource Owner Password Grant flow.
I am doing a POST /oauth/token including grant_type=password, client_id, audience, username, password and scope = openid offline_access
I was expecting to get an access token, id token and refresh token but the refresh token is missing. This should be possible according to this: https://auth0.com/docs/tokens/refresh-token/current#restrictions-on-refresh-token-usage
Am I doing something wrong?