I am trying to set up Customer Accounts API authentication OIDC for my App.
The resources that I use:
Getting started with the Customer Account API (Is using the Headless Channel)
Authenticate customers with the Customer Account API (Tells me how to do it for an App)
If I authenticate using the headless channel I can receive an access token and a refresh token.
If I authenticate using my app I also receive the access token but no refresh token. (I do receive an expires_in value)
I could not find any mention, that there should be a difference between how I authenticate. There is also no mention that the refresh token is optional.
The only difference between my two auth flows is the client id.