flask-praetorian
Expired Refresh Token Error should send 403?
In flask-praetorian/flask_praetorian/exceptions.py the ExpiredRefreshError exception sends a 401 status code.
Should this not be a 403 status code, as this token is not usable any more?
I looked up the RFCs but did not find an answer. On the webpage from docs.apigee.com, in the OAuth2 implementation, they send a 400 status code (Bad Request) for an expired refresh token.