Tutorial: Build Universal Applications with Nuxt.js

Andy March

Hi Sean,

The difference you are seeing is due to where the user session is being resolved and which OAuth flow is being used as a result. The clientSecret allows you to verify that you are the application you claim to be; this must be kept secure at all times, or else your application could be impersonated. The universal app in this article has a Node server in the backend, so it is able to keep secrets from the user; this means it can perform the authorization code flow using the secret. When you are creating a SPA, all your code is being transferred to the user, so there is nowhere to store that secret where it cannot be extracted; this means you need to perform the implicit flow. See more on the flow types here.

If you want to use both Nuxt and okta-vue, you will be limited to the SPA mode and will need to do some extensions to the router to catch the callback. I actually wired up a simple SPA solution with Nuxt and okta-vue in preparation for this article; you can find this here. It’s far less polished, but hopefully it will get you started, and I’m happy to answer any questions.