Micah
It’s up to the implementation as to whether or not to grant refresh tokens to a SPA. Okta chooses not to as you could have a potentially unlimited refresh token leak from a SPA.
Okta does provide a mechanism to get a new access token, but it’s outside the spec. By default, the okta-auth-js library will fetch a new access token by leveraging the okta session cookie that’s already set when you authenticated. This is the default. It’s also configurable, if you don’t want this behavior.