That is correct; we recommend using refresh token rotation. If you want to know more about how it works, I will list a few resources that explain the process. For the most part, it will be handled by the SDK and you only need to make the minor configuration changes.
Hope this helps,
Dan