I found this post that was closed in 2019 that describes my problem: How to get originally granted scopes when renewing token in Auth0 Rules?
When refreshing an access token, the originally granted scopes is nowhere to be found when a rule or action is executed. We have some logic in auth0 rules adding som data to the access token if a custom scope is provided in the request body, and are now trying to add refresh tokens to our application.
I am using the auth0 express-openid-connect middleware, and could pass the scopes to the refresh request. But omitting the scopes in the refresh request should result in it being treated as equal to the scope originally granted by the resource owner.
Should I have to resend the scopes in the request for refreshing my access token in order to see them within a rule or action?