Yes, offline_access is required if you’d like to use a Refresh Token. That is okay that you are not including other scopes. The issue I’ve seen in the past is a result of setting scopes/audience in the AuthModule.forRoo and then making another request after authentication takes place with a different audience/scope. It doesn’t sound like that is the issue here.
I’m having trouble recreating this issue in Safari. Could you generate and send a HAR file to help me troubleshoot? Be sure to remove any sensitive data:
Thank you!