Hey there @youssef!
Despite the fact that useRefreshTokens is set to true, the fact that there is no refresh token returned when a user logs in leads me to believe that the offline_access scope is missing in the /authorize request. The offline_access scope is required in order for a refresh token to be returned. See:
https://auth0.com/docs/secure/tokens/refresh-tokens/get-refresh-tokens
Hope this helps!