Quick question about the OAuth token refresh behavior under extreme load. When JMeter hits 500 concurrent requests, the /oauth/token endpoint returns 403 Forbidden instead of 429. The environment is Genesys Cloud US1. Is this a security throttle or a misconfiguration in the client credentials flow? Need to understand if this blocks compliance validation for our audit.