Foreword
All the content here is to the best of my understanding. However, since this relates to security, don't use this as a definitive reference.
...
Importantly (from the link above, verbatim) "If a previously used refresh token is used again with the token request, the Authorization Server automatically detects the attempted reuse of the refresh token. As a result, Okta immediately invalidates the most recently issued refresh token and all access tokens issued since the user authenticated. This protects your application from token compromise and replay attacks."
Using Okta to manage sessions
...