We’ve noticed users of our production environment getting a “Grant type
grant_type not allowed for the client.” error. This happens when our client side web application needs to use the refresh_token to get a new id_token.
After analysing this we think that our clients didn’t get the grant_types populated with all Auth0 legacy grant types. From the Web UI it’s impossible to configure this, the option “Legacy: Delegation Refresh Token” simply isn’t there. We’ve been able to use the Auth0 Management API to add the http://auth0.com/oauth/legacy/grant-type/delegation/refresh_token grant. After doing this however the Web UI still doesn’t show this option, and worse: making a change to the settings removes the grant.
Could you please investigate if and where this went wrong, and make us able to enable or disable this grant type using the Web UI.