Hi! I have a question regarding oauth2. I have one endpoint which uses ktors oauth feature and i got it working with the microsoft open ID thing. i get back an auth token and a refresh token. How should i protect all my other endpoints when i already have valid tokens? just with the JWT auth feature where i always pass the obtained auth token? it seems like i can't pass the token (as Bearer) to the auth endpoint, it always tries to redirect me to the auth provider.