Not getting a refresh_token despite setting offline_access in scope and ensuring it is granted during Consent

[mig5]

Please help..

I am using the Authorization Code flow with an OIDC client that has the offline_access scope permitted.

I have ensured that I am setting offline_access in the list of scopes when accepting the Consent Request. This part from my Login and Consent app (it's PHP):

                    $consent_response = $this->container->hydra->getConsentRequest($challenge);
                    $grants = $consent_response->getRequestedScope();
                    syslog(LOG_DEBUG, "grant scope is " . print_r($grants, true));
                    $result = $this->container->hydra->acceptConsentRequest($challenge, array(
                        'grant_scope' => $grants,
                        'session' => array(
                            'id_token' => $this->container->hydraAdapter->getIdTokenData(
                                $consent_response->getSubject(),
                                $grants
                            )
                        )
                    ));

the syslog debug call shows:

Mar  5 03:25:30 ip-10-101-7-142 php: grant scope is Array
Mar  5 03:25:30 ip-10-101-7-142 php: (
Mar  5 03:25:30 ip-10-101-7-142 php:     [0] => openid
Mar  5 03:25:30 ip-10-101-7-142 php:     [1] => offline_access
Mar  5 03:25:30 ip-10-101-7-142 php: )

Yet in the response I have no refresh token (I am using https://github.com/jumbojett/OpenID-Connect-PHP/blob/master/src/OpenIDConnectClient.php on the RP and this is the value of requestTokens after exchanging the code):

Mar  5 03:25:30 ip-10-101-7-142 php: token_json stdClass Object
Mar  5 03:25:30 ip-10-101-7-142 php: (
Mar  5 03:25:30 ip-10-101-7-142 php:     [access_token] =>zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Mar  5 03:25:30 ip-10-101-7-142 php:     [expires_in] => 3600
Mar  5 03:25:30 ip-10-101-7-142 php:     [id_token] => xxxxxxxxxxxxxxxxxxxxxxxx
Mar  5 03:25:30 ip-10-101-7-142 php:     [scope] => openid offline_access
Mar  5 03:25:30 ip-10-101-7-142 php:     [token_type] => bearer
Mar  5 03:25:30 ip-10-101-7-142 php: )

What am I doing wrong?

This is Hydra v1.11.10.

my problem seems very similar to #2998 except that I have made sure offline_access is being sent as part of the requested scope when accepting the Consent Request.

[mig5]

I solved my problem. I didn't realize you needed to also set refresh_token as one of the grant_types for the OIDC client. (Docs are confusing and I thought that refresh_token worked so long as you're using the authorize_code grant type. In fact, it seems both are required)