Refresh OAuth Access Token returns 409 Conflict

Hi,

I'm using the following route to refresh the access token

POST https://api.box.com/oauth2/token

This endpoint seems to intermittently return 409 Conflict response code without any response body.

At times, retrying the request resolves the issue as the endpoint returns 200 OK with a new set of access_token and refresh_token.

Most of the 409 Conflict retries end up with 400 Bad Request.
In those 400 Bad Request response body, it would indicate the refresh token has expired - with these 2 types of descriptions:
- {"error":"invalid_grant","error_description":"Invalid refresh token"}
- {"error":"invalid_grant","error_description":"Refresh token has expired"}

The API documentation states that the refresh token is valid for up to 60 days and only meant for single use. I have confirmed that every successful renewal's refresh token is stored and used for subsequent renewals.

What would be the cause for 409 Conflict during token renewals, resulting into a 400 Bad Request while the refresh token is supposed to be valid?