diff --git a/README.md b/README.md
index 3d02bea..f0765c0 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ Register your application by selecting **Applications** > **Add Application**. O
 
 On the following screen, edit the application settings. For these sample applications we are using port number 8080. Configure your app as follows:
 
+* Avoid third-party cookies by enabling the `Refresh Token` grant type under **General Settings > Grant type > Core grants > Refresh Token**.
 * **Base URI**: `http://localhost:8080`
 * **Login redirect URI**: `http://localhost:8080/login/callback` 
 * **Logout redirect URI**: `http://localhost:8080` 
diff --git a/custom-login/src/app/app.config.ts b/custom-login/src/app/app.config.ts
index 80bb03c..ee529e4 100644
--- a/custom-login/src/app/app.config.ts
+++ b/custom-login/src/app/app.config.ts
@@ -6,7 +6,7 @@ export default {
     clientId: `${CLIENT_ID}`,
     issuer: `${ISSUER}`,
     redirectUri: 'http://localhost:8080/login/callback',
-    scopes: ['openid', 'profile', 'email'],
+    scopes: ['openid', 'profile', 'email', 'offline_access'],
     testing: {
       disableHttpsCheck: `${OKTA_TESTING_DISABLEHTTPSCHECK}`
     },
diff --git a/okta-hosted-login/src/app/app.config.ts b/okta-hosted-login/src/app/app.config.ts
index 38f0822..a4e7fdd 100644
--- a/okta-hosted-login/src/app/app.config.ts
+++ b/okta-hosted-login/src/app/app.config.ts
@@ -5,7 +5,7 @@ export default {
     clientId: `${CLIENT_ID}`,
     issuer: `${ISSUER}`,
     redirectUri: 'http://localhost:8080/login/callback',
-    scopes: ['openid', 'profile', 'email'],
+    scopes: ['openid', 'profile', 'email', 'offline_access'],
     pkce: true,
     testing: {
       disableHttpsCheck: `${OKTA_TESTING_DISABLEHTTPSCHECK}`