Hi there @ydeng welcome to the community!
You may want to look into writing an Action that utilizes the oauth2-refresh-token property listed under event.transaction here:
https://auth0.com/docs/customize/actions/flows-and-triggers/login-flow/event-object
Some more on what conditional mfa may look like can be found in the following FAQ:
https://community.auth0.com/t/how-to-enable-mfa-for-a-subset-of-users/87505
Hope this helps!