AppFoundry OAuth Token Refresh Failing with 401 in Multi-Org Setup

Dealing with a very strange bug here with our multi-tenant AppFoundry integration where the OAuth token refresh mechanism fails intermittently for specific organizations. The application uses the standard OAuth2 grant type and handles token storage server-side. Most tenants refresh seamlessly, but a subset returns a 401 Unauthorized error during the refresh grant request to https://login.mypurecloud.com/oauth/token.

The initial access tokens are valid and functional for the first hour. When the application attempts to use the refresh token to obtain a new access token, the platform rejects the request. The payload includes the correct client_id, client_secret, refresh_token, and grant_type=refresh_token. No changes have been made to the app configuration or the associated OAuth scopes recently.

We verified the tokens are not expired prematurely and that the client secrets match the AppFoundry configuration. This issue affects approximately 15% of our active organizations, mostly those created in the last quarter. The error response body is empty, providing no specific reason for the rejection beyond the status code. Rate limiting is not a factor as these are isolated requests.

Has anyone encountered similar issues with token refresh in a multi-org context? We are considering whether this relates to recent platform security updates or specific tenant-level restrictions. Any insights into debugging 401 errors on the OAuth endpoint would be appreciated. We are currently on the latest version of our integration framework.
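
An added example, not part of the original post or of the platform's own code: since the 401 arrives with an empty body, one way to compare failing and working organizations is to log a redacted record of each refresh attempt. The function names, org IDs and sample values are hypothetical; only the endpoint URL and the four form fields come from the post.

```python
import hashlib
import urllib.parse

# Endpoint named in the post; everything else here is a hypothetical helper.
TOKEN_URL = "https://login.mypurecloud.com/oauth/token"
REQUIRED = ("grant_type", "refresh_token", "client_id", "client_secret")
SENSITIVE = {"refresh_token", "client_secret"}

def fingerprint(value):
    """SHA-256 prefix: correlates a credential across logs without storing it."""
    return "sha256:" + hashlib.sha256(value.encode()).hexdigest()[:12]

def build_refresh_body(client_id, client_secret, refresh_token):
    """Form-encode the four fields the post lists for the refresh grant."""
    return urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    })

def diagnose(org_id, body, status, headers, resp_body):
    """Return a log-safe record of one refresh attempt for per-org comparison."""
    fields = dict(urllib.parse.parse_qsl(body, keep_blank_values=True))
    hdrs = {k.lower(): v for k, v in headers.items()}
    issues = []
    for name in REQUIRED:
        value = fields.get(name, "")
        if not value:
            issues.append(name + " missing or empty")
        elif value != value.strip():
            issues.append(name + " has surrounding whitespace")
    return {
        "org_id": org_id,
        "url": TOKEN_URL,
        "status": status,
        "fields": {k: fingerprint(v) if k in SENSITIVE else v
                   for k, v in fields.items()},
        "www_authenticate": hdrs.get("www-authenticate"),
        "empty_body": not resp_body,
        "issues": issues,
    }

def failing_orgs(records):
    """Org IDs whose refresh attempt was rejected with 401, sorted."""
    return sorted({r["org_id"] for r in records if r["status"] == 401})
```

Comparing the `client_secret` fingerprint logged at refresh time against the one computed from the stored configuration shows whether a failing org is sending the credential you expect, without either value ever reaching the log.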