Thank you so much for the info, Dan.
If I could bug you just a little bit more, I came across the following article: Unable to retrieve a refresh token using the passwordless link method
Where the author states that
https://auth0.com/docs/best-practices/token-best-practices#refresh-token-usagePasswordless flow is not part of Oauth2.0 grant flows. Hence, it is not supported.
Is this true? That password-less with magic link cannot be used to access refresh token?