Missing Auth0 Refresh Token During Native to Web SSO
This article explains why a refresh token is not issued during a Native to Web Single Sign-On (SSO) flow even when the application and API are configured for offline access. This situation occurs when an application uses a session established via a Session Transfer Token (STT).
- Native to Web SSO
- Session Transfer Token
- Refresh Token
The issue occurs because the target application lacks the specific session transfer configuration required to authorize the issuance of refresh tokens when the session is initiated by an STT. Even if the offline_access scope is present and the API allows offline access, the refresh token is withheld if the application's session_transfer object is missing or does not have allow_refresh_token set to true.
To fix this issue, configure the application receiving the session to allow refresh tokens during a session transfer. With this setting enabled, a refresh token is issued even when the session originates from a Native to Web Single Sign-On (SSO) flow.
- Sign in to the Auth0 Dashboard.
- Choose Applications > Applications from the navigation menu.
- Select the specific application that requires a refresh token.
- On the Settings tab, locate the Session Transfer section.
- Select the Allow Refresh Token Requests checkbox.
- Select Save Changes.
- Verify the authentication flow to confirm the refresh token is included in the response.
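The conditions described above can also be checked against exported application and API settings before retesting the flow. The following is an added example, not Auth0's own code: it assumes the application JSON carries the `session_transfer` object named in this article, that the API JSON exposes an `allow_offline_access` boolean, and it uses constructed sample data with placeholder names and IDs.

```python
import json

# Constructed sample data shaped like application and API settings JSON.
# Names, client IDs and the API identifier are placeholders.
SAMPLE_CLIENTS = json.loads("""
[
  {"name": "web-no-block", "client_id": "CLIENT_ID_A"},
  {"name": "web-flag-off", "client_id": "CLIENT_ID_B",
   "session_transfer": {"allow_refresh_token": false}},
  {"name": "web-ok", "client_id": "CLIENT_ID_C",
   "session_transfer": {"allow_refresh_token": true}}
]
""")
# Assumption: the API (resource server) exposes allow_offline_access.
SAMPLE_API = {"identifier": "https://api.example.test", "allow_offline_access": True}


def refresh_token_blockers(client, api, requested_scope):
    """Return the reasons a refresh token would be withheld for an
    STT-initiated session; an empty list means no check failed."""
    reasons = []
    # The scope string is space-delimited; match the exact token only.
    if "offline_access" not in requested_scope.split():
        reasons.append("offline_access scope not requested")
    if api.get("allow_offline_access") is not True:
        reasons.append("API does not allow offline access")
    st = client.get("session_transfer")
    if not isinstance(st, dict):
        # Missing object: the case that looks correctly configured elsewhere.
        reasons.append("application has no session_transfer object")
    elif st.get("allow_refresh_token") is not True:
        reasons.append("session_transfer.allow_refresh_token is not true")
    return reasons


def audit(clients, api, requested_scope):
    """Map each application name to its list of blockers."""
    return {c["name"]: refresh_token_blockers(c, api, requested_scope)
            for c in clients}


if __name__ == "__main__":
    scope = "openid profile offline_access"
    for name, reasons in audit(SAMPLE_CLIENTS, SAMPLE_API, scope).items():
        print(f"{name}: {'OK' if not reasons else '; '.join(reasons)}")
```
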