Hi Pulikkan,
The application you have registered in Okta is a web application and the token endpoint is setup to require a client secret. You won’t be able to just send the client_id.
For an OIDC application in Okta that is setup as a web app, it will require credentials for the /token endpoint. This means you will not be able to make this call from browser JS.
You can replicate this in Postman by adding the http header ‘origin’ when making the call, you will receive the same error as when making this call via xhr/ajax/fetch/etc from a browser.
/token calls from browser JS can only happen if the OIDC application registered in Okta uses PKCE and has no /token endpoint credentials.
Is it possible for you to make the refresh token call from your backend server and pass it back to the FE like you must be doing as part of the initial login flow?