I can rule out users changing password or unlinking application because that should return 401:
When a user changes their password or disconnects an app, we delete all tokens for that user. Both refresh and access tokens for that user will return
401Unauth
I can rule out the old token being killed because im always using the most recent token.
Is there a complete list of other reasons of what else could be going wrong?