Can't generate refresh token for Salesforce Authentication Provider

I’m trying to use the Salesforce Authentication Provider with Auth0. I can get the OAuth token, but I keep getting the error

“The authentication provider didn’t provide a refresh token. If the access token expires, your org won’t be able to access this named credential”

I’ve tried to follow the information on how to enable refresh tokens.

The application is OIDC Compliant.

I’ve configured the Salesforce Authentication provider with the audience of the API.
I’ve configured the Named Credential to request the openid profile offline_access scopes.
I’ve configured the API to allow offline_access.

The request to Auth0 matches the documentation:
https://xxxx.auth0.com/authorize?
audience={API_AUDIENCE}&
scope=offline_access&
response_type=code&
client_id=xxxx&
redirect_uri=https://login.salesforce.com/services/authcallback/xxxxxxxx&
state={OPAQUE_VALUE}

The token exchange succeeds, but I don’t get the refresh token.

Is there something else that I’m missing? I did get this to work one time, but now I’m trying to document the steps, and can’t seem to reproduce the state where this is successful.