Refresh with refresh_token not returning permissions

We’ve been working to move our authentication out to auth0. So far so good and we have password authentication working and we’ve enabled RBAC and therefore the access_token provides us with the permissions granted to a user.

The issue we’re running into is that when using the refresh_token to gain a new access_token, the access_token provided back is giving us the permissions array, but it is empty. Is there something we need to do/configure to allow the refresh to also include the permissions? Nothing stood out in the Application/API configurations.

Thanks in advance.

I guess we can close this out. Not sure what the issue was. Our initial testing using Postman the access_token coming back did not contain the perms but oddly after moving forward with the implementation in Go the access_token has them.

Sorry about that.