So just to be clear, as of now there is no way you are able to use refresh tokens without calling loginWithRedirect or using third-party cookies?
Nothing has changed regarding any of this other than the fact that with v2, we flipped the default for useRefreshTokensFallback from true to false. If you want the exact same behavior as with v1, setting it to true is all you need.
Refresh tokens solve the fact that, as long as we have a valid refresh token, we do not need to re-authenticate. However, we cannot use a refresh token when we have no refresh token (in-memory storage + refresh the page results in losing everything, including the refresh token, which is exactly what the error tells you).
If you enable the fallback, we will do a call to Auth0 that does not use refresh tokens under the hood for you to see if we can restore the session silently for you. This is exactly the same as doing loginWithRedirect, apart from the fact that we do it for you hidden in an iframe and only check if there is still a valid session with Auth0 (hence third-party cookies).
Again, if this behavior is confusing, setting useRefreshTokensFallback to true is fine and recommended. We flipped the default because, by default, this fallback does not work in browsers that block third-party cookies (which will be more over time), and we believe it is weird to have an SDK that, out of the box, does not work on browsers such as Safari (which happens when you set the fallback to true and do not use custom domains).
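
The decision flow described in the reply above, as a small JavaScript model. This is an added example, not part of the original comment and not Auth0 SDK code; apart from useRefreshTokensFallback, every name in it (resolveSilentToken, cachedRefreshToken, blocksThirdPartyCookies, customDomain, hasAuth0Session) is hypothetical.

```javascript
// Simplified model of silent token retrieval as the comment describes it.
// It makes no network calls; inputs are constructed flags.
function resolveSilentToken(config, browser) {
  // 1. A valid refresh token in the cache is used directly: no re-authentication.
  if (browser.cachedRefreshToken) {
    return { ok: true, via: 'refresh_token' };
  }
  // 2. No refresh token (e.g. in-memory storage after a page reload).
  //    With the fallback off (the v2 default) the call fails here.
  if (!config.useRefreshTokensFallback) {
    return { ok: false, via: 'none', reason: 'missing refresh token' };
  }
  // 3. Fallback: a hidden iframe asks the authorization server whether a
  //    session still exists. The session cookie is only sent if the browser
  //    allows third-party cookies, or if a custom domain is in use
  //    (assumption drawn from the comment's remark about custom domains).
  const cookieSent = !browser.blocksThirdPartyCookies || config.customDomain;
  if (!cookieSent) {
    return { ok: false, via: 'iframe', reason: 'third-party cookie blocked' };
  }
  if (!browser.hasAuth0Session) {
    return { ok: false, via: 'iframe', reason: 'no session, login required' };
  }
  return { ok: true, via: 'iframe' };
}

// Constructed scenarios: a page reload with in-memory storage has wiped the
// refresh token, but the user still has a session with the authorization server.
const reloaded = { cachedRefreshToken: false, hasAuth0Session: true };
const chrome = { ...reloaded, blocksThirdPartyCookies: false };
const safari = { ...reloaded, blocksThirdPartyCookies: true };

function scenarioTable() {
  return {
    v2Default: resolveSilentToken({ useRefreshTokensFallback: false }, chrome),
    fallbackChrome: resolveSilentToken({ useRefreshTokensFallback: true }, chrome),
    fallbackSafari: resolveSilentToken({ useRefreshTokensFallback: true }, safari),
    fallbackSafariCustomDomain: resolveSilentToken(
      { useRefreshTokensFallback: true, customDomain: true }, safari),
    tokenStillCached: resolveSilentToken(
      { useRefreshTokensFallback: false }, { ...safari, cachedRefreshToken: true }),
  };
}

console.log(scenarioTable());
```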