oidc-agent is able to update a stored refresh token. However, therefore it has to receive a new refresh token from the provider. If a refresh token expired (e.g. because the token was used within the lifetime of that token), use
oidc-gen --reauthenticate <short_name> to re-authenticate and update the refresh token.