Issue #367: Refresh token expiration fix

[josephquigley]

When OAuth2.doRefreshToken attempts to refresh an expired token that does not return an HTTP 400 error, then the re-authorization flow is never presented.

A more detailed explanation of the fix is explained by @matthewtintabee in the issue itself:

There appears to be a bug in one of the code paths in OAuth2.swift in 'doRefreshToken' in the case of an error. In the main 'do' section, if a generic error code 400 is returned, the refresh token is cleared and the next attempt to authorise therefore does not use it and things proceed as they should.

Normally, the invalid token error is identified earlier in 'parseRefreshTokenResponseData' which throws a more specific exception which is then handled by the exception block in 'doRefreshToken'. in this case, which is the normal path for this situation, the refresh token is not cleared, meaning that in the next attempt it tries to use the same token again, resulting in stalemate. Clearing the refresh token in the exception handler therefore fixes this problem.

[ossus-lib]

This would clear the refresh token on any error, also e.g. when the server is temporarily unavailable (OAuth2Error.temporarilyUnavailable). I don't think this is desirable. The right way would be to check if the error is the invalid_grant error (which is thrown as OAuth2Error.invalidGrant) and delete the refresh token only in that case.