Hi @tyf thanks for you answer, and sorry for the late reply.
The permissions are present only after the 2nd login, or using the refresh_token to get a new token.
But I wonder why they are not present on the access_token I get just after the 1st login?
I would prefer not to go with the silent auth methods as it will complicate my workflow.