I want to allow our application’s users to stay logged in for at least one month. I digged a little bit in the community, and I found this topic How to stay logged in forever(ish). So I enabled refresh token for our application, and added to Auth0Provider configuration this param : useRefreshTokens: true. But when a user log in, the token endpoint returns only : access_token and id_token but not refresh token.
Despite the fact that useRefreshTokens is set to true, the fact that there is no refresh token returned when a user logs in leads me to believe that the offline_access scope is missing in the /authorize request. The offline_access scope is required in order for a refresh token to be returned. See: https://auth0.com/docs/secure/tokens/refresh-tokens/get-refresh-tokens