You need to have an active session with Okta to be able to get new tokens (without a refresh token). Refresh tokens are not recommended for SPAs because of security, the silent refresh (getWithoutPrompt) is more secure, but requires you have an active session with the IdP (okta). You can increase the session timeout in okta (Okta Sign-on policy) if necessary.