Please include the following information in your post:
- Which SDK this is regarding: Node-auth0
- SDK Version: latest
- Platform Version: node 16?
- Code Snippets/Error Messages/Supporting Details/Screenshots: we’re using the passwordGrant method, and passing in “offline_access” in scope, but no refresh token is getting returned. Help Please! It works correctly when we do a password grant via HTTPS so I’m certain it isn’t our auth0 settings.
Is this a feature request or bug report? Unsure
Hi @matt.kaufman ,
Thank you for posting this topic on the Auth0 Community!
Could you please provide some details such as your scripts, what kind of application your project is, and screenshots for your testing or errors? Please feel free to remove/Pixelate the details that pertain to your tenant. Thanks!
2 Likes
Sure!
Its a Regular Web Application
Here’s our function call, feels very standard:
const data: Auth0.PasswordGrantOptions = {
username: email,
password,
scope: "openid offline_access",
realm: AUTH0_CONNECTION,
};
const options: Auth0.PasswordGrantAdditionalOptions = {
forwardedFor: ipAddress,
};
const tokens = await authorizationClient.passwordGrant(data, options);
We receive the following payload:
access_token: [token]
expires_in: 86400
id_token: [token]
scope: "openid profile email address phone"
token_type: "Bearer"
Note that this is missing the refresh_token
No errors are thrown
1 Like
Hi again @matt.kaufman! Good to know it’s working as expected using HTTPS, it’s almost like offline_access
is just being ignored here 
What happens if you omit the openid
scope and only include offline_access
? I believe openid
should be added regardless with the password grant. What about if you create a “dummy” API in Auth0 for testing purposes, enable it for offline access, and pass in an audience of the identifier?
Thinking out loud here @lihua.zhang 
Hi @matt.kaufman ,
Thank you for providing the additional context!
Could you please check if “Allow Offline Access” is switched on for the API? This doc has the details.
Also, according to this github scripts, the PasswordGrantOptions includes the audience parameter. Could you please add it and confirm how it goes? Thanks!
export interface PasswordGrantOptions {
username: string;
password: string;
realm?: string | undefined;
scope?: string | undefined;
audience?: string | undefined;
}
Hi! Turns out we were doing something wrong with our build environment, all is working! Thanks for your help 
1 Like
Hi @matt.kaufman, Thank you for the updates! Glad to know you have resolved this!

1 Like