When OAuth2.doRefreshToken attempts to refresh an expired token that does not return an HTTP 400 error, then the re-authorization flow is never presented.
A more detailed explanation of the fix is explained by @matthewtintabee in the issue itself:
There appears to be a bug in one of the code paths in OAuth2.swift in 'doRefreshToken' in the case of an error. In the main 'do' section, if a generic error code 400 is returned, the refresh token is cleared and the next attempt to authorise therefore does not use it and things proceed as they should.
Normally, the invalid token error is identified earlier in 'parseRefreshTokenResponseData' which throws a more specific exception which is then handled by the exception block in 'doRefreshToken'. in this case, which is the normal path for this situation, the refresh token is not cleared, meaning that in the next attempt it tries to use the same token again, resulting in stalemate. Clearing the refresh token in the exception handler therefore fixes this problem.
When
OAuth2.doRefreshToken
attempts to refresh an expired token that does not return an HTTP 400 error, then the re-authorization flow is never presented.A more detailed explanation of the fix is explained by @matthewtintabee in the issue itself: