Web proxy unable to recover from rotated grant secrets

[mike-marcacci]

We have reports that, at least in certain cases, the web proxy does not reattempt the auth code flow when its refresh token is invalid, as is the case for disabled grants, rotated grant secrets, etc.

It is possible that the error is not in the proxy itself, but instead the apps that are using it (for example, not redirecting on 401 returned from an API call), but this should be investigated nonetheless.