Hi Bram 
So you can still use a Refresh Token if the upstream IdP supports it. It’s just not an Auth0 issued Refresh Token. What would typically happen is that once Auth0 execution completes and the Auth0 application callback is driven - i.e. the callback defined by the redirect_uri - the application would then redirect to the 3rd party auth server to obtain the 3rd party access token and (optional) refresh token. This redirect will typically be done in the Auth0 callback. 3rd party SDKs - such as the googleapis SDK for node (googleapis - npm), for example - will typically then use the tokens acquired via the 3rd party authorization server to allow calls to the (3rd party) APIs - often seamlessly refreshing any access token where required.