diff --git a/packages/core/src/oidc/grants/refresh-token.ts b/packages/core/src/oidc/grants/refresh-token.ts
index eb3e4225e..9384e6b08 100644
--- a/packages/core/src/oidc/grants/refresh-token.ts
+++ b/packages/core/src/oidc/grants/refresh-token.ts
@@ -130,7 +130,8 @@ export const buildHandler: (
 }
 /* === RFC 0001 === */
- // The params object may have the key with `undefined` value, so we have to use `Boolean` to check.
+ // The value type is `unknown`, which will swallow other type inferences. So we have to cast it
+ // to `Boolean` first.
 const organizationId = cond(Boolean(params.organization_id) && String(params.organization_id));
 if (organizationId) {
 // Validate if the refresh token has the required scope from RFC 0001.
diff --git a/packages/core/src/oidc/init.ts b/packages/core/src/oidc/init.ts
index e388e0bd3..2d1629218 100644
--- a/packages/core/src/oidc/init.ts
+++ b/packages/core/src/oidc/init.ts
@@ -18,7 +18,7 @@ import koaBody from 'koa-body';
 import Provider, { errors } from 'oidc-provider';
 import snakecaseKeys from 'snakecase-keys';
-import type { EnvSet } from '#src/env-set/index.js';
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import { addOidcEventListeners } from '#src/event-listeners/index.js';
 import koaAuditLog from '#src/middleware/koa-audit-log.js';
@@ -281,7 +281,11 @@ export default function initOidc(envSet: EnvSet, queries: Queries, libraries: Li
 });
 addOidcEventListeners(oidc, queries);
- registerGrants(oidc, envSet, queries);
+
+ // DEV: Customized `refresh_token` grant
+ if (EnvSet.values.isDevFeaturesEnabled) {
+ registerGrants(oidc, envSet, queries);
+ }
 // Provide audit log context for event listeners
 oidc.use(koaAuditLog(queries));
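Review bot: The rewritten comment above `const organizationId` drops the runtime reason for the guard and describes it loosely: `Boolean(...)` is a truthiness coercion rather than a cast, and it is what keeps an absent key from turning into the string "undefined" through `String(...)`. Because the value is `unknown` and originates from the token request, `String()` will also flatten a non-string value (an array or object, if the body parser can produce one, which is not visible here) into an organization id that then drives the RFC 0001 scope check below. A `typeof` narrowing would solve the inference problem and remove the coercion in one step: `const organizationId = cond(typeof params.organization_id === 'string' && params.organization_id);`, ideally with an explicit rejection when the parameter is present but not a string. The enclosing handler starts and ends outside the hunk.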
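Review bot: In the `initOidc` hunk, nothing states which handler serves `refresh_token` requests when `isDevFeaturesEnabled` is false, or what happens to a request that still carries `organization_id`; presumably the provider's stock grant takes over and ignores the parameter, but that should be written down and covered by a test for both flag states. The gate reads the static `EnvSet.values` although the function already receives an `envSet` instance, so it is worth confirming the two cannot disagree (their relationship is not visible here). Since `registerGrants` is plural, any grant added to it later would silently become dev-only as well. I would expand the comment along the lines of `// DEV: register the customized refresh_token grant (RFC 0001) only when dev features are enabled; otherwise the provider default applies`. The body of `initOidc` continues outside the hunk.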