Microsoft OAuth2 Authentication Not Returning Refresh Token
2019 Update
First of all, thanks to ke4ktz (the accepted answer), worked perfectly.
However, I did not know initially how to add offline_access to the scope :) So in case someone has the same issue: you just add it after your scope string with a space. Let's say your scope was "Sites.FullControl.All"; now it will be "offline_access Sites.FullControl.All".
The reference from Microsoft can be found here
I hope it helps
The Microsoft documentation is quite unclear. Their online services have gone through many iterations and this results in quite a bit of residual data lying around. When I revoked access to both applications from within Office365 and re-authenticated both of them from scratch, both calls were absent the refresh_token value in the response from the /token call.
I managed to put together the pieces from the Microsoft and OpenID documentation to find the answer. In the initial authorization request, the call to https://login.microsoftonline.com/common/oauth2/v2.0/authorize, adding offline_access to the scope query string parameter resolved the issue.
Nothing needs to be added or changed on the app registration side. When this new scope is added, the user will also be shown that the application is requesting access to the data offline. This sequence of steps turns on the return of the refresh_token value. Why it was there in the first place, without specifying offline_access, still remains a mystery.
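The fix from the answers above, as an added example (not code from either answer or from Microsoft): it builds the v2.0 authorize URL with offline_access in the scope and checks a /token response body for refresh_token without echoing the token values. The client ID, redirect URI, helper names and sample response bodies are constructed placeholders.

```python
import json
import secrets
from urllib.parse import urlencode

# Endpoint quoted in the answer above.
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"


def with_offline_access(scope: str) -> str:
    """Return a space-delimited scope string containing offline_access once."""
    seen = []
    for part in scope.split():
        if part not in seen:
            seen.append(part)
    if "offline_access" not in seen:
        seen.insert(0, "offline_access")
    return " ".join(seen)


def build_authorize_url(client_id, redirect_uri, scope, state=None):
    """Build the initial authorization request (hypothetical helper)."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": with_offline_access(scope),
        # state ties the callback to this request; random if not supplied
        "state": state or secrets.token_urlsafe(16),
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def summarize_token_response(body: str) -> dict:
    """Report what /token returned without exposing the secret values."""
    data = json.loads(body)
    return {
        "has_access_token": bool(data.get("access_token")),
        "has_refresh_token": bool(data.get("refresh_token")),
        "expires_in": data.get("expires_in"),
    }


# Constructed /token bodies: first without, then with, offline_access granted.
SAMPLE_WITHOUT = '{"token_type":"Bearer","expires_in":3599,"access_token":"constructed-at"}'
SAMPLE_WITH = ('{"token_type":"Bearer","expires_in":3599,'
               '"access_token":"constructed-at","refresh_token":"constructed-rt"}')

if __name__ == "__main__":
    print(build_authorize_url("00000000-0000-0000-0000-000000000000",
                              "https://localhost/callback", "Sites.FullControl.All"))
    print(summarize_token_response(SAMPLE_WITHOUT))
    print(summarize_token_response(SAMPLE_WITH))
```

The summary deliberately returns booleans rather than the tokens themselves, since a refresh token is a long-lived credential that should not end up in logs.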