Okta-auth-js autoRenew process

Can you try disabling the “Prevent Cross-Site Tracking” setting in Safari to see if that resolves the issue?

Safari blocks third-party cookies by default and this can prevent the autoRenew functionality from succeeding as it will rely on being able to access the session cookie Okta sets on your Okta domain to determine if the user is still logged into Okta. This is why you see a “login_required” error, as the autoRenew functionality is trying to silently request tokens without prompting the user. More details about why this occurs here.

If this is the issue you are running into, aside from using a Custom URL domain and hosting your application on the same domain (so that cookies are first party), you can look into using Refresh Tokens instead.

We have a new feature in EA called “Refresh token rotation” which allows SPA applications to request Refresh Tokens from the front end when they use Authorization Code flow with PKCE. You can enable this feature in your org by going to Settings -> Features in the Admin Console and then enabling the “Refresh token” grant type for the SPA application you are using. More details about how to use this feature are available here.
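A client-side setup matching the reply above, as an added example that is not part of the original post or of Okta's own code. It requests a refresh token through the `offline_access` scope, so renewal does not depend on the third-party session cookie, and it routes a `login_required` renew error to an interactive sign-in callback. `buildConfig`, `createAuthClient` and `onLoginRequired` are hypothetical names, the settings are placeholders, and the `OktaAuth` constructor from `@okta/okta-auth-js` is passed in as a parameter so the snippet needs no import. It assumes the "Refresh token" grant type is already enabled for the SPA application.

```javascript
// Added example. Settings passed in are placeholders for your own org and app.
function buildConfig({ issuer, clientId, redirectUri }) {
  return {
    issuer,
    clientId,
    redirectUri,
    pkce: true, // Authorization Code flow with PKCE
    // offline_access asks the authorization server to issue a refresh token.
    scopes: ['openid', 'profile', 'offline_access'],
    tokenManager: { autoRenew: true },
  };
}

// OktaAuth: the constructor exported by @okta/okta-auth-js (injected here).
// onLoginRequired: hypothetical callback that starts an interactive sign-in.
function createAuthClient(OktaAuth, settings, onLoginRequired) {
  const authClient = new OktaAuth(buildConfig(settings));

  // The token manager emits 'error' when a renew attempt fails.
  authClient.tokenManager.on('error', (err) => {
    // login_required on a silent renew: no Okta session was visible to the
    // request, for example because the browser withheld the session cookie.
    // Retrying silently will not help, so hand over to an interactive login.
    if (err && err.errorCode === 'login_required') {
      onLoginRequired(err);
    }
  });

  return authClient;
}
```
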