From 4c4fabda48b9746312ae65f499349a881225c29f Mon Sep 17 00:00:00 2001 From: Anja Date: Wed, 25 Mar 2026 13:38:25 +0100 Subject: [PATCH 1/2] fix(refresh-token): only refresh when auth token is expired --- src/runtime/plugins/refresh-token.server.ts | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/runtime/plugins/refresh-token.server.ts b/src/runtime/plugins/refresh-token.server.ts index 6cc79e6ba..9e6660863 100644 --- a/src/runtime/plugins/refresh-token.server.ts +++ b/src/runtime/plugins/refresh-token.server.ts @@ -9,22 +9,16 @@ export default defineNuxtPlugin({ const { rawToken, rawRefreshToken, refreshToken, token, lastRefreshedAt } = useAuthState() - if (refreshToken.value && token.value) { + if (refreshToken.value && !token.value) { const provider = useTypedBackendConfig(useRuntimeConfig(), 'local') const { path, method } = provider.refresh.endpoint const refreshRequestTokenPointer = provider.refresh.token.refreshRequestTokenPointer - // include header in case of auth is required to avoid 403 rejection - const headers = new Headers({ - [provider.token.headerName]: token.value - } as HeadersInit) - try { const response = await _fetch>(nuxtApp, path, { method, - body: objectFromJsonPointer(refreshRequestTokenPointer, refreshToken.value), - headers + body: objectFromJsonPointer(refreshRequestTokenPointer, refreshToken.value) }) const tokenPointer = provider.refresh.token.refreshResponseTokenPointer || provider.token.signInResponseTokenPointer From a89a929896f589e8b12139aeff2e18beb23cd133 Mon Sep 17 00:00:00 2001 From: Anja Date: Tue, 31 Mar 2026 11:30:36 +0200 Subject: [PATCH 2/2] fix(refresh-token): PR requested changes --- src/runtime/plugins/refresh-token.server.ts | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/runtime/plugins/refresh-token.server.ts b/src/runtime/plugins/refresh-token.server.ts index 9e6660863..88296112b 100644 --- a/src/runtime/plugins/refresh-token.server.ts 
+++ b/src/runtime/plugins/refresh-token.server.ts @@ -9,16 +9,24 @@ export default defineNuxtPlugin({ const { rawToken, rawRefreshToken, refreshToken, token, lastRefreshedAt } = useAuthState() - if (refreshToken.value && !token.value) { + if (refreshToken.value) { const provider = useTypedBackendConfig(useRuntimeConfig(), 'local') const { path, method } = provider.refresh.endpoint const refreshRequestTokenPointer = provider.refresh.token.refreshRequestTokenPointer + // include header in case of auth is required to avoid 403 rejection + const headers = token.value + ? new Headers({ + [provider.token.headerName]: token.value + } as HeadersInit) + : undefined + try { const response = await _fetch>(nuxtApp, path, { method, - body: objectFromJsonPointer(refreshRequestTokenPointer, refreshToken.value) + body: objectFromJsonPointer(refreshRequestTokenPointer, refreshToken.value), + headers }) const tokenPointer = provider.refresh.token.refreshResponseTokenPointer || provider.token.signInResponseTokenPointer
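Review bot: The added `new Headers({ ... } as HeadersInit)` construction sits before `try {`, so an exception thrown while building the headers is not covered by the error handling around the refresh request. The `Headers` constructor throws a `TypeError` when a name or value is not valid for an HTTP header, and `token.value` presumably comes from client-supplied state, so a malformed value would fail the plugin's setup instead of being treated as a failed refresh. Passing a plain object would defer that validation to the `_fetch` call inside the `try` and make the cast unnecessary: `const headers = token.value ? { [provider.token.headerName]: token.value } : undefined`, assuming `_fetch` accepts a plain header record. The `try` block continues past the end of the hunk, so how a failed refresh is handled is not visible here.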