We've set up a Google OAuth web application client on our GCP project and we use it to set up a Google social connection on an Auth0 tenant.
This would allow our users to sign up to our app using their Google accounts while also allowing us to use Auth0 to manage our user accounts/logins/etc.
Auth0 also allows us to use the Device Authorization Flow for signing in users. This is similar to Google OAuth's login flow for TV and limited-input devices, except the Google access tokens/refresh tokens never reach the device; instead the device receives Auth0 tokens and the Google tokens are stored in Auth0.
We've created a POC native app that runs on a client device and uses Auth0's device authorization flow for user sign-in, with Google as the social provider, to get Auth0 tokens. The native app then uses the Auth0 token to call a backend API that is secured with Auth0. The backend API then fetches the user's Google access token in order to call restricted-scope Google APIs.
My question is: does this kind of system violate Google's OAuth 2.0 policies, and will it fail Google's OAuth verification?
There is a section in Google's OAuth 2.0 Policies requiring that we "Register an appropriate OAuth client" for our app; in our case our OAuth client is of type "Web Application" and we use it to set Google as a social provider in Auth0. Auth0 stores the tokens, and our backend servers use the Google tokens. The Google tokens never reach our client device, so it is not directly using the Google tokens; rather, our backend server is.
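To make the flow described in the question concrete, here is an added example (not code from the question's author or from Auth0) of the three moving parts: the device requesting a device code from Auth0, the device polling `/oauth/token` with the RFC 8628 device-code grant while honouring `authorization_pending` and `slow_down`, and the backend picking the stored Google access token out of the user object that Auth0's Management API returns. The tenant domain, client id, audience and every response body are constructed placeholders; the `identities[].access_token` shape is assumed from Auth0's Management API user object, and the `make_fake_transport` helper exists only so the flow can be exercised offline.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

AUTH0_DOMAIN = "example-tenant.auth0.com"   # assumption: your Auth0 tenant
CLIENT_ID = "NATIVE_APP_CLIENT_ID"          # assumption: the native app's Auth0 client
AUDIENCE = "https://api.example.com"        # assumption: the backend API identifier
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


def http_post_form(url, fields):
    """Real transport: POST form fields, return (HTTP status, parsed JSON body).
    Auth0 reports authorization_pending / slow_down with non-2xx statuses, so
    error bodies are returned rather than raised."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def request_device_code(post=http_post_form):
    """Step 1 on the device: ask Auth0 for a device code and a user code."""
    status, body = post(f"https://{AUTH0_DOMAIN}/oauth/device/code", {
        "client_id": CLIENT_ID,
        "scope": "openid profile email offline_access",
        "audience": AUDIENCE,
    })
    if status != 200:
        raise RuntimeError(f"device code request failed: {body}")
    # The user opens this URL on a phone/laptop; Auth0 sends them to Google.
    # The device itself never receives any Google token.
    print(f"Visit {body['verification_uri_complete']} and confirm code {body['user_code']}")
    return body


def poll_for_token(device_code, interval, expires_in, post=http_post_form, sleep=time.sleep):
    """Step 2 on the device: poll /oauth/token until the user finishes,
    backing off on slow_down and giving up once the device code expires."""
    token_url = f"https://{AUTH0_DOMAIN}/oauth/token"
    waited = 0
    while waited < expires_in:
        sleep(interval)
        waited += interval
        status, body = post(token_url, {
            "grant_type": DEVICE_GRANT,
            "device_code": device_code,
            "client_id": CLIENT_ID,
        })
        if status == 200:
            return body                   # Auth0 access/id/refresh tokens only
        error = body.get("error")
        if error == "authorization_pending":
            continue
        if error == "slow_down":
            interval += 5                 # RFC 8628 section 3.5: add 5 seconds
            continue
        raise RuntimeError(f"device flow failed: {error}: {body.get('error_description', '')}")
    raise TimeoutError("user did not complete sign-in before the device code expired")


def extract_google_access_token(user):
    """Step 3 on the backend: from the user object returned by the Auth0
    Management API (GET /api/v2/users/{id}, needs read:user_idp_tokens),
    take the Google identity's stored access token. Shape is an assumption.
    This token stays on the backend and is never returned to the device."""
    for identity in user.get("identities", []):
        if identity.get("provider") == "google-oauth2" and identity.get("access_token"):
            return identity["access_token"]
    raise LookupError("no Google identity with a stored access token")


def make_fake_transport(responses):
    """Constructed stand-in for Auth0 so the flow runs offline."""
    queue = list(responses)
    return lambda url, fields: queue.pop(0)


# Constructed Management API user object with one Google identity.
SAMPLE_USER = {
    "user_id": "google-oauth2|1234567890",
    "identities": [{"provider": "google-oauth2", "user_id": "1234567890",
                    "access_token": "ya29-constructed", "refresh_token": "1//constructed"}],
}


def demo():
    """Drive the device flow against constructed responses (pending, slow_down,
    pending, success); returns the token response and the sleeps performed."""
    fake = make_fake_transport([
        (200, {"device_code": "dev-123", "user_code": "ABCD-EFGH",
               "verification_uri_complete": f"https://{AUTH0_DOMAIN}/activate?user_code=ABCD-EFGH",
               "interval": 5, "expires_in": 900}),
        (403, {"error": "authorization_pending"}),
        (429, {"error": "slow_down"}),
        (403, {"error": "authorization_pending"}),
        (200, {"access_token": "auth0-at", "id_token": "auth0-idt",
               "refresh_token": "auth0-rt", "token_type": "Bearer"}),
    ])
    waits = []
    code = request_device_code(post=fake)
    tokens = poll_for_token(code["device_code"], code["interval"], code["expires_in"],
                            post=fake, sleep=waits.append)
    return tokens, waits


if __name__ == "__main__":
    print(demo())
    print(extract_google_access_token(SAMPLE_USER))
```

The split matters for the policy question: the only credential the device ever holds is the Auth0 token, and the backend, after validating that token against the `AUDIENCE` it expects, is the sole component that reads the Google token out of Auth0 and calls Google APIs with it. The fake transport sequence also shows the two edge cases a real device client must survive: a `slow_down` response increases the polling interval rather than being treated as a failure, and an expired device code ends the loop instead of polling forever.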