adminitiateauth and refresh tokens

We use the adminInitiateAuth API in our backend to authenticate our clients. We have deployed our Auth API endpoints using API gateway and AWS Lambda with User pools

A web app user authenticates with cognito via our api and the backend admininitiateauth call returns access, id & refresh tokens. Then when the user refreshes their tokens and passes the refresh token to our api we see that admininitiateauth only returns access & id token and not an new refresh token.

How is the user expected to refresh the next time? Does a user only get one refresh?

There is NOTHING in the documentation as you why refreshing tokens via admininitiateauth does not return a new refresh token as well.

Anyone seen this and got any tips?