so you're adding the Authorization header in an interceptor? I don't think this works, as the authenticator is called after all the interceptors, so after it runs you're returning the original request with outdated access token, which won't be re-intercepted to add the new access token. you should update the Authorization header in the returned request