A few questions about your setup, because your mentioning authentication (not authorization) as well as access token (and not ID token):
What type of applications are these App 1 - App 3 from a technology point of view? How do you work with them and the token?
The reason I’m asking is to understand whether these are client applications where you simply just want to identify a user (=authentication), or whether these are backend servers (APIs) that you want to protect and only grant access with access token (in the sense of OAuth2: your resource servers) (=authorization). If it’s the latter, the question would be whether these three applications are registered as APIs in Auth0 and thus being different audiences. (This is relevant because an access token can only be for one audience, not multiple).
Where do you store the refresh token? And to clarify, is it just one refresh token or three? Which application requests this refresh token in the first place?
The setup isn’t 100% clear to me and therefore hard to five a proper answer, but in general, there is no mirroring or alike mechanism in place.
And maybe helpful resources: