cannot get a api-token

[jdkent]

and if the client sends the Origin header for code exchange request with POST /oauth/token call, Auth0, by default, prevents issuing tokens and throws this error.

Do not include the origin header when making a request.

https://community.auth0.com/t/the-offline-access-scope-was-requested-but-no-refresh-token-was-issued-error-message-after-deploying-spa/117730

[nicoalee]

The default setup doesn’t allow the use of non-rotating refresh tokens from browsers. If non-rotating refresh tokens must be used from the browsers, please open a support ticket with Auth0.

It doesn't look like it's possible to do this without getting personalized assistance from auth0. As this is not a high priority at the moment, I will put this on the backlog.

This will become more of a priority if the use case arises where users who have uploaded data to our platform actively want to programmatically retrieve that data.