Hi,

I've implemented Salesforce OAuth 2.0 Web Server flow and it works perfectly well with a HTTP callback uri. But when I use an HTTPS callback URI, the page on which the User Approves the app to use Salesforce asks for less permissions than what is shown for HTTP URI. 

The Remote Access Applications setup for both is exactly the same except the callback uri's ( obviously )

The page requesting the user to grant access for HTTP callback uri is asking for 3 permissions ( see https://www.dropbox.com/s/62qzsgev3nidw9o/developersalesforce.tiff ) 

1. Access your basic information

2. Access and manage your data

3. Perform requests on your behalf at any time

While the same page for HTTPS callback uri is only asking the first two options and not the third one ( see https://www.dropbox.com/s/w0k92iu42wuudug/securesalesforce.tiff )

Because of this, I cannot refresh my access tokens and the request to refresh access token fails.

Any insights on this will be highly appreciated.

Regards,

Agraj