Actually you don't need offline_access to sign in and read the user profile, you only need that when you want to get refresh tokens that allow you to continue to access the graph on behalf of the user even when the user is no longer signed in. Without offline_acces you can still have the user sign in, read their profile and re-authenticate them when the token expires. I don't understand why would need to read the profile more than once after the user has signed in, if you just keep that information in your own profile.
Our users are not allowed to consent, so we require admin consent. In this application this does not work, because when I try this the application will only ask for two admin consents: "Sign in and read user profile" and "Read all users' basic profiles", NOT for "Access your data anytime" and "View your email address", so our users cannot sign in even after we have given admin consent.