you can clear the tokens after a successfully obtaining them and storing them into something that holds them, the auth plugin will try to refetch them when u use bearer auth provider clear

If you do that it will still put the header Authorization: Bearer (without the token). Ktor server will then try to authenticate it as bearer auth, even when auth is set to optional, but given that the token is missing, it will fail.