In the documentation there is mentioned, that refresh token (and OAuth2 code flow) is enabled only, when user agree for na 'offline' scope - does it work in different way?