The reason for storing them both is so that even if you don’t need the access token to make an API request you can still use it to verify the user is still connected to your app, and if they have chosen to disconnect from your app you can use that to remove any data you have stored about the user from your systems.
The refresh token given after a refresh doesn’t always change, sometimes you get the same one back that you just used but some times you get a new one, so it’s always best to replace whatever previous tokens you had with the new ones you get given.