Hi @tim.bradford,
Welcome to the Auth0 Community and thank you for your post !
From my findings and given the fact that the issue occurs for a part of your users, one of the most probable causes would be that the Refresh Token is reaching a maximum in our database, which is currently 200, as mentioned in this Knowledge Article. When this limitation is reached, our server is automatically erasing the older ones.
Also non-expiring Refresh Tokens do not precisely align with our Token Best Practices, since even though a once a token is signed, it is essentially valid forever unless the sign-in key was changed. This could pose several potential issues, especially security wise, so that is why either setting an expiration is indicated, or the use of Refresh Token Rotation. The second option would be suited for your use case as well since it should not only work better, but also provide a more secure overall environment.
Additionally, would also suggest having a look over this Knowledge Article for extra clarifications.
I hope this helped.
Best regards,
Remus