The OAuth token refresh endpoint intermittently returns a “400 Bad Request” error when the refresh token is still valid. As a result, users are logged out unexpectedly and must reauthenticate manually. Investigation points to inconsistent validation of the token payload before renewal.