Auth0 Home Blog Docs

Not getting a refresh token from Auth0.authorize() - PKCE

I have a native app in Auth0, using the PKCE flow. When I call Auth0.authorize() from my Ionic app, using Auth0.js, I’m getting an access token and an ID token, but no refresh token.

I am passing the offline_access scope to Auth0.authorize() (as well as openid profile). The API I’m using has “Allow Offline Access” enabled. I have no rules defined.

The app in Auth0 has the following grants enabled in the advanced settings: Implicit, Authorization Code, Refresh Token.

In my config for Auth0 in my client app, I’m setting:

...,
audience: 'xxxxxxxxx', /* My API identifier */
responseType: 'token id_token'

My redirect callback is receiving hash params like:
access_token=xxxxx&scope=openid%20profile%20offline_access&expires_in=7200&token_type=Bearer&state=xxx&id_token=xxxxx but no refresh_token.

What am I missing?