Hi @lorinw00,
According to this documentation - Refresh access tokens | Okta Developer
Authorization code with PKCE requests don't return refresh tokens if they are sent from SPAs or other browser-based apps. Instead, you can silently refresh tokens by making a call to the /authorize endpoint.
Follow this - Refresh access tokens | Okta Developer
Also, the authorization code is an intermediate token that will be exchanged for an access/ID token. It is not saved in the browser local storage AFAIK.
These prior discussions might also help -
https://support.okta.com/help/s/question/0D51Y00005xyT6j/spa-oauth-flow-recommendation-and-token-refresh?language=en_US