Not getting refresh_token on PKCE flow

I’ve implemented PKCE flow on a SPA (web), but I’m not getting the refresh_token from the token endpoint.

I’m doing the flow myself, not using the auth0.js.

I created a “native” app in the dashboard and first used the default “Auth0 Management API” API as audience, but I’ve read in the docs that I should enable the “Allow Offline Access” checkbox and that API didn’t have it, so I created a new API and enabled that checkbox, but there is no difference.

The PKCE flow works fine, I log in on my Auth0 app, get the code and use it to post to the token endpoint, but the endpoint returns
access_token: “theaccesstoken”
id_token: “theidtoken”
scope: “openid profile email offline_access”
expires_in: 86400
token_type: “Bearer”

But no refresh_token

My post to the token endpoint looks like:
grant_type: authorization_code
client_id: (my client id)
code_verifier: (the verifier)
code: (code I got after log in)
redirect_uri: http://localhost:8100

any ideas?

If I try from Postman with same params the refresh_token is there, so is it blocked if I send the request from javascript? something to do with headers or origin?

ok, today is working, nothing changed on my side. :man_shrugging: