OIDC SPA Keycloack refresh_token storage location

I have Single Page Application based on Open ID Connect flow (keycloak). I wonder what are the security considerations for refresh token storage – what are the advantages and disadvantages for storing refresh token by the web/mobile application or by the API gateway.