The current implementation of getting the claims for the new token from the ClaimsPricipal of the expired token, creates duplicate audiences and thus fails after the first token refresh.
Recalculating the claims based on the userId from the ClaimsPrincipal resolves this issue.
The current implementation of getting the claims for the new token from the ClaimsPricipal of the expired token, creates duplicate audiences and thus fails after the first token refresh.
Recalculating the claims based on the userId from the ClaimsPrincipal resolves this issue.