Hi @onpaws,
Thanks for trying out the new feature! In that default configuration with refresh tokens turned on, you will be storing the refresh token in memory. So when you come to the app fresh or refresh the page, you won’t have a refresh token.
In any event that you don’t have a refresh token, the SDK falls back to the legacy iframe method to try and get you an access token and a refresh token based on your existing session. This unfortunately has all the pitfalls of requiring 3rd-party cookies to work, so if they are blocked, getting a new refresh token won’t work in this case.
We added another new feature to this SDK to get around this somewhat, which is an opt-in to storing tokens in local storage. This can be configured by setting cacheLocation to localstorage, which means the tokens can be persisted across page refreshes.
Give that a try and let me know how you get on. I will make sure this detail is covered properly in the readme 