Using the Box API V2, is there any combination of errors in the fields which would cause valid and non-expired refresh token or the access token to become invalid? Errors such invalid values for fields or maybe the frequency of retries, such as trying to create users with invalid fields within a short amount of time?
If you use the RT, it gives you back a new AT and RT. If you use the new AT, then the old RT becomes invalid.