1- Firebase: They rotate keys regularly. The expiry time is mentioned in max-age in the Cache-Control header in the response of jwk_url. See this jwk_url.
2- Auth0: Not on regular basis(as per my findings). However, users can do it manually through the dashboard or from the API.
Reference You can now Rotate Signing Keys! - Auth0 Community
3- OneGraph: here