Hi @team9,
Welcome to the Auth0 Community and thank you for your post!
Thanks @Misty668Brooks, for your contribution as well.
What you have mentioned is correct, at outlined in this community post - Force New Tokens from the Google Social Connection.
This is however the expected behavior, as storing and refreshing third-party tokens is a feature handled by the new addition of Token Vault, so I would definitely recommend checking this documentation. You can also store the refresh tokens securely on the server side, but enabling this feature makes it a lot easier for you, since Auth0 will manage the process seamlessly. However:
Token Vault is currently available in Early Access for public cloud tenants. To enable Token Vault, contact your Auth0 representative.
I hope this helps!
Best regards,
Remus