# ktor
c
I don't think I am understanding auth realms correctly. I have set up a route that requires a token to access; when no token is given or the token is invalid, I respond with the `WWW-Authenticate` header. What is supposed to happen next? By my understanding, since I have configured `refreshTokens{}`, upon failure the ktor client should run the code within refresh tokens to get a new valid token and attempt the call again, correct? Going by logcat, this does not seem to be happening. I see the initial request and a failure response followed by a crash due to the error; no attempt to refresh the token is made. Any insight into what I am doing wrong is appreciated.
```
[DefaultDispatcher-worker-1] RESPONSE: 400 Bad Request
METHOD: HttpMethod(value=GET)
FROM: <https://example.com/api/jobs/IJ-H1>
COMMON HEADERS
-> access-control-allow-origin: *
-> alt-svc: h3=":443"; ma=2592000
-> cache-control: no-cache, private
-> content-type: application/json
-> date: Fri, 21 Jul 2023 16:00:01 GMT
-> server: Caddy; nginx/1.20.1
-> transfer-encoding: chunked
*** -> www-authenticate: Bearer realm="Machine Token Required", charset="UTF-8" ***
-> x-android-received-millis: 1689955202687
-> x-android-response-source: NETWORK 400
-> x-android-selected-protocol: http/1.1
-> x-android-sent-millis: 1689955201442
-> x-powered-by: PHP/8.1.8
-> x-ratelimit-limit: 60
-> x-ratelimit-remaining: 59
BODY Content-Type: application/json
BODY START
{"message":"No token specified"}
BODY END
```
```kotlin
install(Auth) {
    bearer {
        realm = "Machine Token Required"
        loadTokens {
            BearerTokens("", "***")
        }

        refreshTokens {
            val machineToken: MachineToken = client.submitForm {
                url("$url/machine/$machineName/token")
                headers {
                    append(
                        "X-MACHINE-REQUEST-TOKEN",
                        oldTokens?.refreshToken ?: ""
                    )
                }
                markAsRefreshTokenRequest()
            }.body()

            BearerTokens(
                machineToken.token,
                oldTokens?.refreshToken ?: ""
            )
        }
    }
}
```
a
The server should respond with the 401 status code but it replies with 400.
c
Thanks!
OK it's working now but every time I perform the request, it is refreshing the token.